This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git


The following commit(s) were added to refs/heads/develop by this push:
     new 2f54db9  [dcap] der-format files are no longer needed
2f54db9 is described below

commit 2f54db9df797c899c1bda6a1b6dfc1517118b905
Author: Mingshen Sun <[email protected]>
AuthorDate: Sun Feb 9 22:55:26 2020 -0800

    [dcap] der-format files are no longer needed
---
 .drone.yml                 |   1 +
 attestation/src/service.rs |   6 +++---
 dcap/Cargo.toml            |   1 +
 dcap/src/main.rs           |  21 ++++++++++++---------
 keys/dcap_root_ca_cert.der | Bin 1403 -> 0 bytes
 keys/dcap_server_key.der   | Bin 2350 -> 0 bytes
 6 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 5fa934e..ff16647 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -563,6 +563,7 @@ trigger:
 
 depends_on:
   - sgx-debug-ubuntu-1804
+  - sgx-dcap-debug-ubuntu-1804
   - sgx-release-ubuntu-1804
   - sim-debug-ubuntu-1804
   - sim-release-ubuntu-1804
diff --git a/attestation/src/service.rs b/attestation/src/service.rs
index 6b489b7..e2127b2 100644
--- a/attestation/src/service.rs
+++ b/attestation/src/service.rs
@@ -34,6 +34,8 @@ use std::os::unix::io::FromRawFd;
 use std::prelude::v1::*;
 use std::sync::Arc;
 
+const DCAP_ROOT_CA_CERT: &str = 
include_str!("../../keys/dcap_root_ca_cert.pem");
+
 impl EndorsedAttestationReport {
     pub(crate) fn new(
         att_service_cfg: &AttestationServiceConfig,
@@ -65,9 +67,7 @@ fn new_tls_stream(url: &url::Url) -> 
Result<rustls::StreamOwned<rustls::ClientSe
     let mut config = rustls::ClientConfig::new();
     config
         .root_store
-        .add(&rustls::Certificate(
-            include_bytes!("../../keys/dcap_root_ca_cert.der").to_vec(),
-        ))
+        .add_pem_file(&mut DCAP_ROOT_CA_CERT.to_string().as_bytes())
         .unwrap();
     config
         .root_store
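Review bot: The `.unwrap()` after `add_pem_file` does not prove that the DCAP root certificate was actually installed. If I read the rustls API of this era correctly, the method returns `Ok((added, skipped))` counts, so a PEM file that yields no usable certificate can still pass. Because this store decides which attestation service the TLS client will trust, I would bind the result and check it, e.g. `let (added, _) = config.root_store.add_pem_file(&mut DCAP_ROOT_CA_CERT.as_bytes()).expect("parse DCAP root CA PEM");` followed by `assert_eq!(added, 1, "DCAP root CA not loaded");`. That form also drops the `.to_string()` allocation, which is unnecessary since `&[u8]` already implements `BufRead`. `new_tls_stream` continues past the end of this hunk, so what the next `.root_store` call adds is not visible here.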
diff --git a/dcap/Cargo.toml b/dcap/Cargo.toml
index 086aece..c6c8980 100644
--- a/dcap/Cargo.toml
+++ b/dcap/Cargo.toml
@@ -20,6 +20,7 @@ uuid             = { version = "0.8.1", features = ["v4"] }
 chrono           = { version = "0.4.10" }
 lazy_static      = { version = "1.4.0" }
 percent-encoding = { version = "2.1.0" }
+pem              = { version = "0.7.0" }
 
 sgx_types        = { git = 
"https://github.com/apache/incubator-teaclave-sgx-sdk"; }
 sgx_ucrypto      = { git = 
"https://github.com/apache/incubator-teaclave-sgx-sdk"; }
diff --git a/dcap/src/main.rs b/dcap/src/main.rs
index 871b31c..8d529d3 100644
--- a/dcap/src/main.rs
+++ b/dcap/src/main.rs
@@ -20,7 +20,15 @@ use ring::signature;
 use rocket::{http, response};
 use sgx_types::*;
 
-const REPORT_SIGNING_CERT: &'static str = 
include_str!("../../keys/dcap_server_cert.pem");
+const REPORT_SIGNING_CERT: &str = 
include_str!("../../keys/dcap_server_cert.pem");
+const REPORT_SIGNING_KEY: &str = 
include_str!("../../keys/dcap_server_key.pem");
+
+lazy_static! {
+    static ref SIGNER: signature::RsaKeyPair = {
+        let der = pem::parse(REPORT_SIGNING_KEY).unwrap().contents;
+        signature::RsaKeyPair::from_pkcs8(&der).unwrap()
+    };
+}
 
 #[link(name = "dcap_quoteverify")]
 #[link(name = "sgx_dcap_ql")]
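Review bot: `SIGNER` is built only on first dereference, so the two `unwrap()` calls in the `lazy_static!` block panic inside whichever request first signs a report rather than at startup, with no message saying which step failed. I would use `expect("dcap_server_key.pem is not valid PEM")` and `expect("dcap_server_key.pem is not a PKCS#8 RSA key")`, and call `lazy_static::initialize(&SIGNER);` early in `main`, which is outside this hunk. The switch from `from_der` to `from_pkcs8` also changes the accepted key encoding, and `pem::parse` accepts any label, so checking that the parsed `tag` is `"PRIVATE KEY"` would catch a PKCS#1 file with a clear error. Separately, `REPORT_SIGNING_KEY` compiles a private key from the repository's `keys/` directory into the binary; if this is meant as a reference key, a comment such as `// Test-only report signing key: embedded at build time, never use for production attestation.` would make that explicit.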
@@ -40,11 +48,6 @@ extern "C" {
     ) -> sgx_quote3_error_t;
 }
 
-lazy_static! {
-    static ref SIGNER: signature::RsaKeyPair =
-        
signature::RsaKeyPair::from_der(include_bytes!("../../keys/dcap_server_key.der")).unwrap();
-}
-
 enum QuoteVerificationResponse {
     BadRequest,
     InternalError,
@@ -65,7 +68,7 @@ impl QuoteVerificationResponse {
     }
 }
 
-fn to_report(rst: &sgx_ql_qv_result_t) -> &'static str {
+fn to_report(rst: sgx_ql_qv_result_t) -> &'static str {
     use sgx_ql_qv_result_t::*;
     match rst {
         SGX_QL_QV_RESULT_OK => "OK",
@@ -79,11 +82,11 @@ fn to_report(rst: &sgx_ql_qv_result_t) -> &'static str {
 }
 
 impl QuoteVerificationResult {
-    pub fn to_json(self) -> String {
+    pub fn to_json(&self) -> String {
         serde_json::json!({
             "id": uuid::Uuid::new_v4().to_simple().to_string(),
             "timestamp": Utc::now().format("%Y-%m-%dT%H:%M:%S%.f").to_string(),
-            "isvEnclaveQuoteStatus": to_report(&self.quote_status),
+            "isvEnclaveQuoteStatus": to_report(self.quote_status),
             "isvEnclaveQuoteBody": self.isv_enclave_quote,
         })
         .to_string()
diff --git a/keys/dcap_root_ca_cert.der b/keys/dcap_root_ca_cert.der
deleted file mode 100644
index 29686e4..0000000
Binary files a/keys/dcap_root_ca_cert.der and /dev/null differ
diff --git a/keys/dcap_server_key.der b/keys/dcap_server_key.der
deleted file mode 100644
index fe7e5b2..0000000
Binary files a/keys/dcap_server_key.der and /dev/null differ

