
Commit a5f223c

Merge pull request #6516 from oasisprotocol/peternose/trivial/pcs-quote-errors
go/common/sgx/pcs/quote: Improve error messages
2 parents 7db1ccb + 2bdc760 commit a5f223c

2 files changed

Lines changed: 23 additions & 9 deletions


.changelog/6516.trivial.md

Whitespace-only changes.

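--- a/go/common/sgx/pcs/quote.go
+++ b/go/common/sgx/pcs/quote.go
@@ -474,37 +474,51 @@ func (qe *CertificationData_QEReport) CertificationDataType() CertificationDataT
 
 // UnmarshalBinary decodes CertificationData_QEReport from a byte array.
 func (qe *CertificationData_QEReport) UnmarshalBinary(data []byte) error {
+var offset int
+
 if len(data) < reportBodySgxLen {
-return fmt.Errorf("pcs/quote: malformed certification data")
+return fmt.Errorf("pcs/quote: missing report body")
 }
-
-var offset int
 if err := qe.QEReport.UnmarshalBinary(data[offset : offset+reportBodySgxLen]); err != nil {
 return err
 }
 offset += reportBodySgxLen
 
 if len(data) < offset+len(qe.QEReportSignature[:]) {
-return fmt.Errorf("pcs/quote: malformed certification data")
+return fmt.Errorf("pcs/quote: missing report signature")
 }
 copy(qe.QEReportSignature[:], data[offset:])
 offset += len(qe.QEReportSignature)
 
+if len(data) < offset+2 {
+return fmt.Errorf("pcs/quote: missing authentication data size")
+}
 authDataSize := int(binary.LittleEndian.Uint16(data[offset:]))
 offset += 2
+
 if len(data) < offset+authDataSize {
-return fmt.Errorf("pcs/quote: invalid ECDSA-P256 quote signature authentication data size")
+return fmt.Errorf("pcs/quote: invalid authentication data size")
 }
 qe.AuthenticationData = make([]byte, authDataSize)
 copy(qe.AuthenticationData[:], data[offset:offset+authDataSize])
 offset += authDataSize
 
+if len(data) < offset+2 {
+return fmt.Errorf("pcs/quote: missing certification data type")
+}
 certificationDataType := CertificationDataType(binary.LittleEndian.Uint16(data[offset:]))
-certDataSize := int(binary.LittleEndian.Uint32(data[offset+2:]))
-if len(data) < offset+6+certDataSize {
-return fmt.Errorf("pcs/quote: invalid ECDSA-P256 quote signature certification data size")
+offset += 2
+
+if len(data) < offset+4 {
+return fmt.Errorf("pcs/quote: missing certification data size")
+}
+certDataSize := int(binary.LittleEndian.Uint32(data[offset:]))
+offset += 4
+
+if len(data) < offset+certDataSize {
+return fmt.Errorf("pcs/quote: invalid certification data size")
 }
-certData := data[offset+6 : offset+6+certDataSize]
+certData := data[offset : offset+certDataSize]
 
 switch certificationDataType {
 case CertificationDataPPIDCleartext, CertificationDataPPIDEncryptedRSA2048, CertificationDataPPIDEncryptedRSA3072: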
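Review bot: On a platform where `int` is 32 bits, `certDataSize := int(binary.LittleEndian.Uint32(data[offset:]))` can come out negative for a declared size of 2^31 or more, so the `len(data) < offset+certDataSize` guard passes and `data[offset : offset+certDataSize]` panics instead of returning an error; on 64-bit builds the conversion is safe. Since this parser presumably runs on quotes supplied by a remote party, comparing against the remaining length avoids the addition altogether: `if certDataSize < 0 || len(data)-offset < certDataSize {`. The same form would fit the `authDataSize` check for consistency, although a uint16 cannot go negative there. The two `invalid ... size` messages could also carry the declared size and the bytes remaining, e.g. `fmt.Errorf("pcs/quote: invalid certification data size (declared %d, remaining %d)", certDataSize, len(data)-offset)`. UnmarshalBinary's body continues past the end of this hunk.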
