This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/develop by this push:
new 0fab794 [attestation] Code polishing
0fab794 is described below
commit 0fab794ae2e6967f10a9822ee3114fb8b6e13b4b
Author: Mingshen Sun <[email protected]>
AuthorDate: Fri Jan 17 23:53:48 2020 -0800
[attestation] Code polishing
---
attestation/src/attestation.rs | 2 +-
attestation/src/ias.rs | 24 +++++++++++-------------
attestation/src/lib.rs | 1 -
attestation/src/platform.rs | 10 +++++-----
attestation/src/report.rs | 6 ++----
services/authentication/enclave/src/lib.rs | 8 +++-----
services/database/enclave/src/lib.rs | 8 +++-----
7 files changed, 25 insertions(+), 34 deletions(-)
diff --git a/attestation/src/attestation.rs b/attestation/src/attestation.rs
index 92d5e06..d2d6a70 100644
--- a/attestation/src/attestation.rs
+++ b/attestation/src/attestation.rs
@@ -20,7 +20,7 @@ impl RemoteAttestation {
let report = if cfg!(sgx_sim) {
IasReport::default()
} else {
- IasReport::new(key_pair.pub_k, ias_key, ias_spid, false)?
+ IasReport::new(key_pair.pub_k, ias_key, ias_spid)?
};
let cert_extension = serde_json::to_vec(&report)?;
diff --git a/attestation/src/ias.rs b/attestation/src/ias.rs
index 9af7186..50ef0c7 100644
--- a/attestation/src/ias.rs
+++ b/attestation/src/ias.rs
@@ -48,14 +48,13 @@ impl IasReport {
pub_k: sgx_types::sgx_ec256_public_t,
ias_key: &str,
ias_spid: &str,
- production: bool,
) -> anyhow::Result<Self> {
use crate::platform;
- let (target_info, epid_group_id) = platform::init_quote()?;
- let mut ias_client = IasClient::new(ias_key, production);
+ let (target_info, epid_group_id) = platform::init_sgx_quote()?;
+ let mut ias_client = IasClient::new(ias_key);
let sigrl = ias_client.get_sigrl(u32::from_le_bytes(epid_group_id))?;
- let sgx_report = platform::create_report(pub_k, target_info)?;
- let quote = platform::get_quote(&sigrl, sgx_report, target_info,
ias_spid)?;
+ let sgx_report = platform::create_sgx_report(pub_k, target_info)?;
+ let quote = platform::get_sgx_quote(&sigrl, sgx_report, target_info,
ias_spid)?;
let ias_report = ias_client.get_report("e)?;
Ok(ias_report)
}
@@ -67,12 +66,11 @@ pub struct IasClient {
}
impl IasClient {
- pub fn new(ias_key: &str, production: bool) -> Self {
- let ias_hostname = if production {
- "as.sgx.trustedservices.intel.com"
- } else {
- "api.trustedservices.intel.com"
- };
+ pub fn new(ias_key: &str) -> Self {
+ #[cfg(production)]
+ let ias_hostname = "as.sgx.trustedservices.intel.com";
+ #[cfg(not(production))]
+ let ias_hostname = "api.trustedservices.intel.com";
Self {
ias_key: ias_key.to_owned(),
@@ -116,7 +114,7 @@ impl IasClient {
.map_err(|_| Error::new(AttestationError::IasError))?
{
httparse::Status::Complete(s) => s,
- _ => bail!(Error::new(AttestationError::IasError)),
+ _ => bail!(AttestationError::IasError),
};
let header_map = parse_headers(&http_response);
@@ -189,7 +187,7 @@ impl IasClient {
.unwrap_or(0)
== 0
{
- bail!(Error::new(AttestationError::IasError));
+ bail!(AttestationError::IasError);
}
debug!("get_signature");
diff --git a/attestation/src/lib.rs b/attestation/src/lib.rs
index 81dd8eb..a3dcc94 100644
--- a/attestation/src/lib.rs
+++ b/attestation/src/lib.rs
@@ -46,6 +46,5 @@ cfg_if! {
mod attestation;
pub use ias::IasReport;
pub use attestation::RemoteAttestation;
- } else {
}
}
diff --git a/attestation/src/platform.rs b/attestation/src/platform.rs
index fda919a..5743299 100644
--- a/attestation/src/platform.rs
+++ b/attestation/src/platform.rs
@@ -39,7 +39,7 @@ extern "C" {
) -> sgx_status_t;
}
-pub(crate) fn init_quote() -> Result<(sgx_target_info_t, sgx_epid_group_id_t)>
{
+pub(crate) fn init_sgx_quote() -> Result<(sgx_target_info_t,
sgx_epid_group_id_t)> {
debug!("init_quote");
let mut ti: sgx_target_info_t = sgx_target_info_t::default();
let mut eg: sgx_epid_group_id_t = sgx_epid_group_id_t::default();
@@ -54,7 +54,7 @@ pub(crate) fn init_quote() -> Result<(sgx_target_info_t,
sgx_epid_group_id_t)> {
}
}
-pub(crate) fn create_report(
+pub(crate) fn create_sgx_report(
pub_k: sgx_ec256_public_t,
target_info: sgx_target_info_t,
) -> Result<sgx_report_t> {
@@ -71,7 +71,7 @@ pub(crate) fn create_report(
.map_err(|_| Error::new(AttestationError::IasError))
}
-pub(crate) fn get_quote(
+pub(crate) fn get_sgx_quote(
sigrl: &[u8],
report: sgx_report_t,
target_info: sgx_target_info_t,
@@ -93,8 +93,8 @@ pub(crate) fn get_quote(
}
let mut quote_nonce = sgx_quote_nonce_t { rand: [0; 16] };
- let mut os_rng = SgxRng::new()?;
- os_rng.fill_bytes(&mut quote_nonce.rand);
+ let mut rng = SgxRng::new()?;
+ rng.fill_bytes(&mut quote_nonce.rand);
let mut qe_report = sgx_report_t::default();
let quote_type = sgx_quote_sign_type_t::SGX_LINKABLE_SIGNATURE;
diff --git a/attestation/src/report.rs b/attestation/src/report.rs
index 71331b5..7237fde 100644
--- a/attestation/src/report.rs
+++ b/attestation/src/report.rs
@@ -15,8 +15,6 @@
// specific language governing permissions and limitations
// under the License.
-#![allow(clippy::redundant_closure)]
-
// Insert std prelude in the top for the sgx feature
#[cfg(feature = "mesalock_sgx")]
use std::prelude::v1::*;
@@ -235,6 +233,7 @@ impl AttestationReport {
// Before we reach here, Webpki already verifed the cert is properly
signed
use super::cert::*;
+ #[allow(clippy::redundant_closure)]
let x509 = yasna::parse_der(cert, |reader| X509::load(reader))?;
let tbs_cert: <TbsCert as Asn1Ty>::ValueTy = x509.0;
@@ -247,7 +246,6 @@ impl AttestationReport {
let payload: Vec<u8> = ((sgx_ra_cert_ext.0).1).0;
- // Extract each field
let report: IasReport = serde_json::from_slice(&payload)?;
let signing_cert = webpki::EndEntityCert::from(&report.signing_cert)?;
@@ -310,7 +308,7 @@ impl AttestationReport {
let quote_encoded = attn_report["isvEnclaveQuoteBody"]
.as_str()
.ok_or_else(|| Error::new(QuoteParsingError::BadAttnReport))?;
- let quote_raw = base64::decode(&(quote_encoded.as_bytes()))?;
+ let quote_raw = base64::decode("e_encoded.as_bytes())?;
SgxQuoteBody::parse_from(quote_raw.as_slice())?
};
diff --git a/services/authentication/enclave/src/lib.rs
b/services/authentication/enclave/src/lib.rs
index b75dc8c..3ca0932 100644
--- a/services/authentication/enclave/src/lib.rs
+++ b/services/authentication/enclave/src/lib.rs
@@ -49,12 +49,10 @@ mod service;
#[handle_ecall]
fn handle_start_service(args: &StartServiceInput) ->
Result<StartServiceOutput> {
debug!("handle_start_service");
+ let config = config::runtime_config();
let listener = std::net::TcpListener::new(args.fd)?;
- let attestation = RemoteAttestation::generate_and_endorse(
- &config::runtime_config().env.ias_key,
- &config::runtime_config().env.ias_spid,
- )
- .unwrap();
+ let attestation =
+ RemoteAttestation::generate_and_endorse(&config.env.ias_key,
&config.env.ias_spid).unwrap();
let config = SgxTrustedTlsServerConfig::new_without_verifier(
&attestation.cert,
&attestation.private_key,
diff --git a/services/database/enclave/src/lib.rs
b/services/database/enclave/src/lib.rs
index ea1d8bb..5b470ab 100644
--- a/services/database/enclave/src/lib.rs
+++ b/services/database/enclave/src/lib.rs
@@ -55,12 +55,10 @@ use std::thread;
#[handle_ecall]
fn handle_start_service(args: &StartServiceInput) ->
Result<StartServiceOutput> {
debug!("handle_start_service");
+ let config = config::runtime_config();
let listener = std::net::TcpListener::new(args.fd)?;
- let attestation = RemoteAttestation::generate_and_endorse(
- &config::runtime_config().env.ias_key,
- &config::runtime_config().env.ias_spid,
- )
- .unwrap();
+ let attestation =
+ RemoteAttestation::generate_and_endorse(&config.env.ias_key,
&config.env.ias_spid).unwrap();
let config = SgxTrustedTlsServerConfig::new_without_verifier(
&attestation.cert,
&attestation.private_key,
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
