Skip to content

Commit 17e56c3

Browse files
ameba23ameba23
committed
Length prefixing for attestations
1 parent 4f0cf97 commit 17e56c3

File tree

1 file changed

+22
-3
lines changed

1 file changed

+22
-3
lines changed

src/lib.rs

Lines changed: 22 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -45,6 +45,7 @@ impl ProxyServer {
4545
server
4646
}
4747

48+
/// Start with preconfigured TLS
4849
pub async fn new_with_tls_config(
4950
cert_chain: Vec<CertificateDer<'static>>,
5051
server_config: Arc<ServerConfig>,
@@ -84,6 +85,14 @@ impl ProxyServer {
8485
)
8586
.unwrap();
8687

88+
let attestation = attestation_platform.create_attestation(&cert_chain, exporter);
89+
let attestation_length_prefix = length_prefix(&attestation);
90+
91+
tls_stream
92+
.write_all(&attestation_length_prefix)
93+
.await
94+
.unwrap();
95+
8796
tls_stream
8897
.write_all(&attestation_platform.create_attestation(&cert_chain, exporter))
8998
.await
@@ -172,7 +181,12 @@ impl ProxyClient {
172181
.unwrap();
173182

174183
let cert_chain = server_connection.peer_certificates().unwrap().to_owned();
175-
let mut buf = [0; 64];
184+
185+
let mut length_bytes = [0; 4];
186+
tls_stream.read_exact(&mut length_bytes).await.unwrap();
187+
let length: usize = u32::from_be_bytes(length_bytes).try_into().unwrap();
188+
189+
let mut buf = vec![0; length];
176190
tls_stream.read_exact(&mut buf).await.unwrap();
177191

178192
if !attestation_platform.verify_attestation(buf, &cert_chain, exporter) {
@@ -196,7 +210,7 @@ pub trait AttestationPlatform {
196210

197211
fn verify_attestation(
198212
&self,
199-
input: [u8; 64],
213+
input: Vec<u8>,
200214
cert_chain: &[CertificateDer<'_>],
201215
exporter: [u8; 32],
202216
) -> bool;
@@ -218,7 +232,7 @@ impl AttestationPlatform for MockAttestation {
218232
/// Mocks verifying an attestation
219233
fn verify_attestation(
220234
&self,
221-
input: [u8; 64],
235+
input: Vec<u8>,
222236
cert_chain: &[CertificateDer<'_>],
223237
exporter: [u8; 32],
224238
) -> bool {
@@ -231,6 +245,11 @@ impl AttestationPlatform for MockAttestation {
231245
}
232246
}
233247

248+
fn length_prefix(input: &[u8]) -> [u8; 4] {
249+
let len = input.len() as u32;
250+
len.to_be_bytes()
251+
}
252+
234253
/// Given a certificate chain, get the [Sha256] hash of the public key of the leaf certificate
235254
fn get_pki_hash_from_certificate_chain(
236255
cert_chain: &[CertificateDer<'_>],

0 commit comments

Comments
 (0)