PccsAdminTool depends on order of elements in JSON response of PCS #420

Open
daniel-weisse opened this issue Sep 13, 2024 · 0 comments

The PccsAdminTool does not follow the JSON specification when parsing the response of the PCS when retrieving QE/QVE/TD_QE identity.

Specifically this section performs manual parsing of the JSON data:

spos= datastr.find('"enclaveIdentity":{')
if spos == -1:
    self.error("Could not extract enclave identity from JSON")
    return None
spos+= len('"enclaveIdentity":')
epos= datastr.find('},"signature":')
msg= bytes(datastr[spos:epos+1], 'ascii')

This code only works correctly when the response is ordered like the following:

{
  "tcbInfo": {
    //...
  },
  "signature": "<signature>"
}

This only works correctly when the JSON data returned by the PCS always follows the same order, which seems to be no longer the case.

It is also not guaranteed by the JSON specification.
To quote from the specification:

JSON is built on two structures:
A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.
An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

Since the PCS does not return an ordered list (array), but a collection of name/value pairs, the PccsAdminTool should not depend on the ordering of said values.
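
An order-independent way to take the same slice, as an added example that is not PccsAdminTool's own code: it walks the top-level object with `json.JSONDecoder.raw_decode` and returns the value's text exactly as served, assuming the tool needs those unmodified bytes (as the `msg` slice above suggests). The function names and the sample responses are hypothetical and constructed for illustration.

```python
import json

_WS = " \t\r\n"
_DECODER = json.JSONDecoder()

# Constructed sample data (not real PCS output): same members, two key orders.
IDENTITY = '{"id":"QE","version":2,"levels":[{"tcb":{"svn":8}}]}'
IDENTITY_FIRST = '{"enclaveIdentity":' + IDENTITY + ',"signature":"abcd"}'
SIGNATURE_FIRST = '{"signature":"abcd", "enclaveIdentity": ' + IDENTITY + '}'


def _skip_ws(s, i):
    while i < len(s) and s[i] in _WS:
        i += 1
    return i


def top_level_raw_members(datastr):
    """Map each top-level key to (raw_text, parsed_value), whatever the key order."""
    i = _skip_ws(datastr, 0)
    if datastr[i:i + 1] != "{":
        raise ValueError("response is not a JSON object")
    members = {}
    i = _skip_ws(datastr, i + 1)
    while datastr[i:i + 1] != "}":
        if members:  # every member after the first is preceded by a comma
            if datastr[i:i + 1] != ",":
                raise ValueError("expected ',' or '}'")
            i = _skip_ws(datastr, i + 1)
        key, i = _DECODER.raw_decode(datastr, i)  # raises on malformed input
        i = _skip_ws(datastr, i)
        if not isinstance(key, str) or datastr[i:i + 1] != ":":
            raise ValueError("malformed object member")
        start = _skip_ws(datastr, i + 1)
        value, end = _DECODER.raw_decode(datastr, start)
        members[key] = (datastr[start:end], value)  # keep the bytes as served
        i = _skip_ws(datastr, end)
    if _skip_ws(datastr, i + 1) != len(datastr):
        raise ValueError("trailing data after JSON object")
    return members


def extract_enclave_identity(datastr):
    """Return (raw identity bytes, signature string), or None if either is missing."""
    members = top_level_raw_members(datastr)
    if "enclaveIdentity" not in members or "signature" not in members:
        return None
    raw, parsed = members["enclaveIdentity"]
    if not isinstance(parsed, dict):
        return None
    return raw.encode("ascii"), members["signature"][1]
```

Malformed input raises `ValueError` (`json.JSONDecodeError` is a subclass), so a caller can report the failure instead of slicing at a `-1` offset.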
