Skip to content

Commit

Permalink
Merge pull request #257 from capeprivacy/ben/verify-backwards-compat
Browse files Browse the repository at this point in the history 
only verify runtime verification if it is sent
  • Loading branch information
@justin1121
justin1121 authored Mar 28, 2023
2 parents b155b6f + 2163bb2 commit c5c53fd
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 15 deletions.
2 changes: 1 addition & 1 deletion sdk/key.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ type AttestationUserData struct {
FuncChecksum []byte `json:"func_checksum"`
KeyChecksum []byte `json:"key_checksum"`
CapeKey []byte `json:"key"`
SignatureVerificationKey []byte `json:"signature_verification_public_key"`
SignatureVerificationKey []byte `json:"signature_verification_public_key,omitempty"`
}

type KeyRequest struct {
Expand Down
29 changes: 15 additions & 14 deletions sdk/run.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -152,29 +152,30 @@ func invoke(attestDoc *attestationDoc, conn *websocket.Conn, data []byte) (*cli.
resData.DecodedAttestationDocument = attestDoc.decoded
resData.RawAttestationDocument = attestDoc.raw

log.Debugf("* Verifying Function Results.")

// TODO -- connect is already doing this
var ud AttestationUserData
if err := json.Unmarshal(attestDoc.decoded.UserData, &ud); err != nil {
return nil, err
}

publicKey, err := x509.ParsePKCS1PublicKey(ud.SignatureVerificationKey)
if err != nil {
return nil, err
}
if ud.SignatureVerificationKey != nil {
log.Debugf("* Verifying Function Results.")
publicKey, err := x509.ParsePKCS1PublicKey(ud.SignatureVerificationKey)
if err != nil {
return nil, err
}

c := sha256.New()
if err := json.NewEncoder(c).Encode(resData.Checksums); err != nil {
return nil, err
}
c := sha256.New()
if err := json.NewEncoder(c).Encode(resData.Checksums); err != nil {
return nil, err
}

if err := rsa.VerifyPSS(publicKey, crypto.SHA256, c.Sum(nil), resData.SignedChecksums, nil); err != nil {
return nil, err
}
if err := rsa.VerifyPSS(publicKey, crypto.SHA256, c.Sum(nil), resData.SignedChecksums, nil); err != nil {
return nil, err
}

log.Debugf("* Function Results Verified")
log.Debugf("* Function Results Verified")
}

return resData, nil
}
Expand Down

0 comments on commit c5c53fd

Please sign in to comment.