mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/develop by this push:
new cab1418 [attestation] Re-organize visibility of structures
cab1418 is described below
commit cab14189748bb0efa7a0df7a88d6f90d7aff8789
Author: Mingshen Sun <[email protected]>
AuthorDate: Mon Jan 20 14:58:52 2020 -0800
[attestation] Re-organize visibility of structures
---
attestation/src/ias.rs | 30 ++++++------------------------
attestation/src/lib.rs | 30 +++++++++++++++++++-----------
attestation/src/platform.rs | 10 +++++-----
attestation/src/report.rs | 23 ++++++-----------------
4 files changed, 36 insertions(+), 57 deletions(-)
diff --git a/attestation/src/ias.rs b/attestation/src/ias.rs
index 50ef0c7..bfec65a 100644
--- a/attestation/src/ias.rs
+++ b/attestation/src/ias.rs
@@ -16,12 +16,12 @@
// under the License.
use crate::AttestationError;
+use crate::IasReport;
use anyhow::Error;
use anyhow::Result;
use anyhow::{anyhow, bail};
use log::{debug, trace};
use percent_encoding;
-use serde::{Deserialize, Serialize};
use sgx_types::*;
use std::collections::HashMap;
use std::io::{Read, Write};
@@ -30,21 +30,12 @@ use std::os::unix::io::FromRawFd;
use std::prelude::v1::*;
use std::sync::Arc;
-#[cfg(feature = "mesalock_sgx")]
extern "C" {
fn ocall_sgx_get_ias_socket(p_retval: *mut i32) -> sgx_status_t;
}
-#[derive(Default, Serialize, Deserialize)]
-pub struct IasReport {
- pub report: Vec<u8>,
- pub signature: Vec<u8>,
- pub signing_cert: Vec<u8>,
-}
-
impl IasReport {
- #[cfg(feature = "mesalock_sgx")]
- pub fn new(
+ pub(crate) fn new(
pub_k: sgx_types::sgx_ec256_public_t,
ias_key: &str,
ias_spid: &str,
@@ -60,13 +51,13 @@ impl IasReport {
}
}
-pub struct IasClient {
+struct IasClient {
ias_key: String,
ias_hostname: &'static str,
}
impl IasClient {
- pub fn new(ias_key: &str) -> Self {
+ fn new(ias_key: &str) -> Self {
#[cfg(production)]
let ias_hostname = "as.sgx.trustedservices.intel.com";
#[cfg(not(production))]
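Review bot: The IAS host is selected by the bare `#[cfg(production)]` flag here, while the request paths in `get_sigrl` and `get_report` (the next two hunks) are fixed to `/sgx/dev/attestation/v3/...`, so a production build appears to pair the production host with the development path. If that pairing is not intended, the path prefix should be chosen under the same cfg as `ias_hostname`. If it is intended, a comment should say so, for example `// request paths use /sgx/dev/ regardless of cfg(production)`. A bare cfg is only set when the build passes it explicitly, so it is also worth documenting where `production` is supplied. `IasClient::new` continues outside this hunk and the non-production hostname is not visible.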
@@ -92,7 +83,7 @@ impl IasClient {
Ok(stream)
}
- pub fn get_sigrl(&mut self, epid_group_id: u32) -> Result<Vec<u8>> {
+ fn get_sigrl(&mut self, epid_group_id: u32) -> Result<Vec<u8>> {
let sigrl_uri = format!("/sgx/dev/attestation/v3/sigrl/{:08x}",
epid_group_id);
let request = format!(
"GET {} HTTP/1.1\r\n\
@@ -136,7 +127,7 @@ impl IasClient {
}
}
- pub fn get_report(&mut self, quote: &[u8]) -> Result<IasReport> {
+ fn get_report(&mut self, quote: &[u8]) -> Result<IasReport> {
debug!("get_report");
let report_uri = "/sgx/dev/attestation/v3/report";
let encoded_quote = base64::encode(quote);
@@ -228,7 +219,6 @@ fn parse_headers(resp: &httparse::Response) ->
HashMap<String, String> {
header_map
}
-#[cfg(feature = "mesalock_sgx")]
fn get_ias_socket() -> Result<c_int> {
debug!("get_ias_socket");
let mut fd: c_int = -1;
@@ -240,11 +230,3 @@ fn get_ias_socket() -> Result<c_int> {
Ok(fd)
}
}
-
-#[cfg(not(feature = "mesalock_sgx"))]
-fn get_ias_socket() -> Result<c_int> {
- use std::os::unix::io::IntoRawFd;
- let ias_addr = "api.trustedservices.intel.com:443";
- let stream = TcpStream::connect(ias_addr)?;
- Ok(stream.into_raw_fd())
-}
diff --git a/attestation/src/lib.rs b/attestation/src/lib.rs
index a3dcc94..d9f70e5 100644
--- a/attestation/src/lib.rs
+++ b/attestation/src/lib.rs
@@ -20,31 +20,39 @@
#[macro_use]
extern crate sgx_tstd as std;
-use thiserror::Error;
+use serde::{Deserialize, Serialize};
+use std::prelude::v1::*;
-#[derive(Error, Debug)]
+#[derive(thiserror::Error, Debug)]
pub enum AttestationError {
- #[error("OCall failed")]
+ #[error("OCall error")]
OCallError,
- #[error("Ias error")]
+ #[error("IAS error")]
IasError,
- #[error("Get quote error")]
- QuoteError,
+ #[error("Platform error")]
+ PlatformError,
+ #[error("Report error")]
+ ReportError,
+}
+
+#[derive(Default, Serialize, Deserialize)]
+pub(crate) struct IasReport {
+ pub report: Vec<u8>,
+ pub signature: Vec<u8>,
+ pub signing_cert: Vec<u8>,
}
#[macro_use]
mod cert;
-pub mod ias;
pub mod report;
pub mod verifier;
-use cfg_if::cfg_if;
-cfg_if! {
+cfg_if::cfg_if! {
if #[cfg(feature = "mesalock_sgx")] {
- pub mod key;
+ mod ias;
+ mod key;
mod platform;
mod attestation;
- pub use ias::IasReport;
pub use attestation::RemoteAttestation;
}
}
diff --git a/attestation/src/platform.rs b/attestation/src/platform.rs
index 5743299..f8fe306 100644
--- a/attestation/src/platform.rs
+++ b/attestation/src/platform.rs
@@ -68,7 +68,7 @@ pub(crate) fn create_sgx_report(
report_data.d[32..].clone_from_slice(&pub_k_gy);
rsgx_create_report(&target_info, &report_data)
- .map_err(|_| Error::new(AttestationError::IasError))
+ .map_err(|_| Error::new(AttestationError::PlatformError))
}
pub(crate) fn get_sgx_quote(
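Review bot: The closure in `.map_err(|_| Error::new(AttestationError::PlatformError))` discards the status returned by `rsgx_create_report`, and the same pattern recurs for `rsgx_verify_report` and `rsgx_sha256_slice` in the two hunks below. The caller and the logs therefore only see "Platform error", with no hint of which SDK call failed or why. Logging the value before mapping keeps the cause available: `.map_err(|e| { debug!("rsgx_create_report: {:?}", e); Error::new(AttestationError::PlatformError) })`, assuming the error type (presumably `sgx_status_t`) implements `Debug`. `create_sgx_report` starts outside this hunk.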
@@ -127,14 +127,14 @@ pub(crate) fn get_sgx_quote(
debug!("rsgx_verify_report");
// Perform a check on qe_report to verify if the qe_report is valid.
- rsgx_verify_report(&qe_report).map_err(|_|
Error::new(AttestationError::IasError))?;
+ rsgx_verify_report(&qe_report).map_err(|_|
Error::new(AttestationError::PlatformError))?;
// Check if the qe_report is produced on the same platform.
if target_info.mr_enclave.m != qe_report.body.mr_enclave.m
|| target_info.attributes.flags != qe_report.body.attributes.flags
|| target_info.attributes.xfrm != qe_report.body.attributes.xfrm
{
- bail!(AttestationError::QuoteError);
+ bail!(AttestationError::PlatformError);
}
// Check qe_report to defend against replay attack. The purpose of
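Review bot: The platform-identity comparison in this hunk (`target_info` against `qe_report.body`) and the replay check in the next hunk (`rhs_hash != lhs_hash`) now fail with the same `PlatformError` as an SDK call that returned an error status. A quote that failed validation can no longer be told apart from a transient SDK failure when reading logs or handling the error. A `debug!` line before each `bail!` keeps the distinction without widening the enum, e.g. `debug!("qe_report does not match target_info");` here and `debug!("qe_report report_data hash mismatch");` at the hash comparison. `get_sgx_quote` starts and ends outside the hunk.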
@@ -149,10 +149,10 @@ pub(crate) fn get_sgx_quote(
rhs_vec.extend("e);
debug!("rsgx_sha256_slice");
let rhs_hash =
- rsgx_sha256_slice(&rhs_vec).map_err(|_|
Error::new(AttestationError::IasError))?;
+ rsgx_sha256_slice(&rhs_vec).map_err(|_|
Error::new(AttestationError::PlatformError))?;
let lhs_hash = &qe_report.body.report_data.d[..32];
if rhs_hash != lhs_hash {
- bail!(AttestationError::QuoteError);
+ bail!(AttestationError::PlatformError);
}
Ok(quote)
diff --git a/attestation/src/report.rs b/attestation/src/report.rs
index 9dd9abc..4a079d0 100644
--- a/attestation/src/report.rs
+++ b/attestation/src/report.rs
@@ -19,7 +19,8 @@
#[cfg(feature = "mesalock_sgx")]
use std::prelude::v1::*;
-use crate::ias::IasReport;
+use crate::AttestationError;
+use crate::IasReport;
use anyhow::{anyhow, bail, ensure};
use anyhow::{Error, Result};
use chrono::DateTime;
@@ -49,16 +50,6 @@ static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[
&webpki::RSA_PKCS1_3072_8192_SHA384,
];
-use thiserror::Error;
-
-#[derive(Error, Debug)]
-pub enum QuoteParsingError {
- #[error("Invalid cert format")]
- InvalidCertFormat,
- #[error("Bad attestation report")]
- BadAttnReport,
-}
-
pub struct SgxReport {
pub cpu_svn: [u8; 16],
pub misc_select: u32,
@@ -113,8 +104,6 @@ pub struct SgxQuoteBody {
impl SgxQuoteBody {
fn parse_from<'a>(bytes: &'a [u8]) -> Result<Self> {
let mut pos: usize = 0;
- // TODO: It is really unnecessary to construct a Vec<u8> each time.
- // Try to optimize this.
let mut take = |n: usize| -> Result<&'a [u8]> {
if n > 0 && bytes.len() >= pos + n {
let ret = &bytes[pos..pos + n];
@@ -284,7 +273,7 @@ impl AttestationReport {
let quote_freshness = {
let time = attn_report["timestamp"]
.as_str()
- .ok_or_else(|| Error::new(QuoteParsingError::BadAttnReport))?;
+ .ok_or_else(|| Error::new(AttestationError::ReportError))?;
let time_fixed = String::from(time) + "+0000";
let date_time = DateTime::parse_from_str(&time_fixed,
"%Y-%m-%dT%H:%M:%S%.f%z")?;
let ts = date_time.naive_utc();
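Review bot: All four failure sites in `AttestationReport` (the `ok_or_else` here, the two in the following hunks, and the `bail!` in the last hunk) return the same bare `AttestationError::ReportError`. A missing `timestamp` field is therefore indistinguishable from a report whose certificate key does not match the quote's `report_data`. Attaching the failing field would make a rejected report much easier to triage, e.g. `.ok_or_else(|| Error::new(AttestationError::ReportError).context("missing timestamp"))`, provided the anyhow build used in the enclave supports `context`. The enclosing function starts and ends outside this hunk.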
@@ -296,7 +285,7 @@ impl AttestationReport {
let sgx_quote_status = {
let status_string = attn_report["isvEnclaveQuoteStatus"]
.as_str()
- .ok_or_else(|| Error::new(QuoteParsingError::BadAttnReport))?;
+ .ok_or_else(|| Error::new(AttestationError::ReportError))?;
SgxQuoteStatus::from(status_string)
};
@@ -305,7 +294,7 @@ impl AttestationReport {
let sgx_quote_body = {
let quote_encoded = attn_report["isvEnclaveQuoteBody"]
.as_str()
- .ok_or_else(|| Error::new(QuoteParsingError::BadAttnReport))?;
+ .ok_or_else(|| Error::new(AttestationError::ReportError))?;
let quote_raw = base64::decode("e_encoded.as_bytes())?;
SgxQuoteBody::parse_from(quote_raw.as_slice())?
};
@@ -324,7 +313,7 @@ impl AttestationReport {
let is_uncompressed = raw_pub_k[0] == 4;
let pub_k = &raw_pub_k.as_slice()[1..];
if !is_uncompressed || pub_k !=
&sgx_quote_body.report_body.report_data[..] {
- bail!(QuoteParsingError::BadAttnReport);
+ bail!(AttestationError::ReportError);
}
Ok(Self {
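Review bot: `raw_pub_k[0]` and `raw_pub_k.as_slice()[1..]` index before any length check, so an empty key would panic inside the verifier rather than return `ReportError`. Whether `raw_pub_k` can be empty depends on code above this hunk. Checked accessors remove the panic path and still reject the input: `let is_uncompressed = raw_pub_k.first() == Some(&4);` and `let pub_k = raw_pub_k.get(1..).unwrap_or(&[]);`. The enclosing function starts and ends outside the hunk.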