From eb1d842732ec02c3f5ac8d4fa7b092c85bd466da Mon Sep 17 00:00:00 2001 From: Kalpita Mandal Date: Thu, 7 Nov 2024 16:59:33 +0530 Subject: [PATCH 1/2] Updates to handle 4532 bytes length attestations --- contracts/periphery/AttestationVerifierZK.sol | 2 ++ package-lock.json | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/contracts/periphery/AttestationVerifierZK.sol b/contracts/periphery/AttestationVerifierZK.sol index cd69cbd..debc389 100644 --- a/contracts/periphery/AttestationVerifierZK.sol +++ b/contracts/periphery/AttestationVerifierZK.sol @@ -109,11 +109,13 @@ contract AttestationVerifierZK is (sha256(journal[56:104]) == sha256(attestation[155:203])) && // Checking PCR1 (sha256(journal[104:152]) == sha256(attestation[206:254])) && // Checking PCR2 ( + sha256(journal[152:249]) == sha256(attestation[1834:1931]) || sha256(journal[152:249]) == sha256(attestation[1835:1932]) || sha256(journal[152:249]) == sha256(attestation[1836:1933]) ) // Checking certificate root key && ( + sha256(journal[249:313]) == sha256(attestation[4352:4416]) || sha256(journal[249:313]) == sha256(attestation[4353:4417]) || sha256(journal[249:313]) == sha256(attestation[4354:4418]) || sha256(journal[249:313]) == sha256(attestation[4356:4420])) // Checking enclave public key, but not proper diff --git a/package-lock.json b/package-lock.json index d3cead8..34107ac 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@nomicfoundation/hardhat-chai-matchers": "^2.0.6", "@nomicfoundation/hardhat-ethers": "^3.0.5", "@nomicfoundation/hardhat-toolbox": "^5.0.0", - "@openzeppelin/contracts": "^5.0.2", + "@openzeppelin/contracts": "^5.1.0", "@openzeppelin/contracts-upgradeable": "^5.0.2", "@openzeppelin/hardhat-upgrades": "^3.0.5", "bignumber.js": "^9.1.1", From 4f1db25524c0c05de4775e70b0709ba1b4bd24f2 Mon Sep 17 00:00:00 2001 From: Kalpita Mandal Date: Thu, 7 Nov 2024 18:05:01 +0530 Subject: [PATCH 2/2] Checking only timestamp and PCRs for validating attestations --- contracts/periphery/AttestationVerifierZK.sol | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/contracts/periphery/AttestationVerifierZK.sol b/contracts/periphery/AttestationVerifierZK.sol index debc389..c6a379e 100644 --- a/contracts/periphery/AttestationVerifierZK.sol +++ b/contracts/periphery/AttestationVerifierZK.sol @@ -107,18 +107,7 @@ contract AttestationVerifierZK is (sha256(journal[:8]) == sha256(attestation[87:95])) && // Checking timestamp (sha256(journal[8:56]) == sha256(attestation[104:152])) && // Checking PCR0 (sha256(journal[56:104]) == sha256(attestation[155:203])) && // Checking PCR1 - (sha256(journal[104:152]) == sha256(attestation[206:254])) && // Checking PCR2 - ( - sha256(journal[152:249]) == sha256(attestation[1834:1931]) || - sha256(journal[152:249]) == sha256(attestation[1835:1932]) || - sha256(journal[152:249]) == sha256(attestation[1836:1933]) - ) // Checking certificate root key - && - ( - sha256(journal[249:313]) == sha256(attestation[4352:4416]) || - sha256(journal[249:313]) == sha256(attestation[4353:4417]) || - sha256(journal[249:313]) == sha256(attestation[4354:4418]) || - sha256(journal[249:313]) == sha256(attestation[4356:4420])) // Checking enclave public key, but not proper + (sha256(journal[104:152]) == sha256(attestation[206:254])) // Checking PCR2 ) ) revert AttestationVerifierAttestationTooOld(); }