Description:
The Falcon::verify call in the attestation module is incorrectly implemented, leading to a complete breakdown of the Root of Trust.
Details:
In src/attestation/quote.rs:55-56, the function Falcon::verify(pk, msg, sig) is being called with swapped arguments:
The signature is being passed as pk.
The public Attestation Key (AK) is being passed as sig.
Impact:
This makes verification either always invalid or trivially spoofable. Forged quotes could be accepted, or valid ones rejected, destroying the attestation provider's credibility.
Location: /src/attestation/quote.rs:55-56
Description:
The Falcon::verify call in the attestation module is incorrectly implemented, leading to a complete breakdown of the Root of Trust.
Details:
In src/attestation/quote.rs:55-56, the function Falcon::verify(pk, msg, sig) is being called with swapped arguments:
The signature is being passed as pk.
The public Attestation Key (AK) is being passed as sig.
Impact:
This makes verification either always invalid or trivially spoofable. Forged quotes could be accepted, or valid ones rejected, destroying the attestation provider's credibility.
Location: /src/attestation/quote.rs:55-56