Skip to content
This repository has been archived by the owner on Nov 21, 2023. It is now read-only.

Commit

Permalink
Validate the freshness of session nonce
Browse files Browse the repository at this point in the history
According to the RMM spec, A7.2.3 Attestation token format [1], the CCA token
has a client challenge sealed in the token, the challenge is generated
when the CCA token is got from AA (attestation agent).

When the CCA token is validated by the veraison, a session nonce is created as well,
semantically, the session nonce should be equal with the client challenge, this logic
has been validated inside veraison service [2].

While the freshness also implies the session nonce key should equal with the nonce
enveloped in the ear which is the format of attestation result [3], by this, we have:
```
client challenge in token == session nonce == ear's nonce
```
and thus avoid the replay attack.

NOTE: If the "client challenge in token != session nonce key", vts service from Veraison
takes it as a warning, this is debatable and should be further discuss with Veraison
team, `rust-client` should return an error instead.

fix: https://github.com/confidential-containers/attestation-service/issues/127

> WARN    vts     {"detail":["freshness: realm challenge (00000000000...) does not match session nonce
> ... "detail-type":"error","error":"bad evidence"}

Signed-off-by: Dave Chen <[email protected]>

[1] https://documentation-service.arm.com/static/63a16f163f28e5456434c719?token=
[2] https://github.com/veraison/services/blob/dfb068204473cad9c412337d5abef7ad88b8bc3b/scheme/cca-ssd-platform/evidence_handler.go#L120-L126
[3] https://github.com/veraison/docs/blob/main/architecture/verifier/freshness.md
  • Loading branch information
chendave committed Oct 16, 2023
1 parent 5ec1624 commit 605492e
Show file tree
Hide file tree
Showing 3 changed files with 510 additions and 316 deletions.
Loading

0 comments on commit 605492e

Please sign in to comment.