This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git


The following commit(s) were added to refs/heads/develop by this push:
     new 64c8ad6  [attestation] Supporting passing root_cert and verifier when 
constructing AttestaionReportVerifier
64c8ad6 is described below

commit 64c8ad6a0482be77bc3cef607464ab4cad32f227
Author: Mingshen Sun <[email protected]>
AuthorDate: Mon Jan 20 10:59:03 2020 -0800

    [attestation] Support passing root_cert and verifier when constructing 
AttestationReportVerifier
---
 attestation/src/verifier.rs                               | 15 ++++++++++-----
 rpc/src/config.rs                                         | 13 +++++++++++--
 .../enclave/src/teaclave_authentication_service.rs        | 11 ++++++++---
 3 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/attestation/src/verifier.rs b/attestation/src/verifier.rs
index aee8a8e..62f03c9 100644
--- a/attestation/src/verifier.rs
+++ b/attestation/src/verifier.rs
@@ -19,7 +19,6 @@ use crate::report::AttestationReport;
 use log::{debug, error};
 use std::hash::{Hash, Hasher};
 use std::vec::Vec;
-use teaclave_config::build_config::BUILD_CONFIG;
 use teaclave_types::EnclaveMeasurement;
 
 #[derive(Clone)]
@@ -45,6 +44,7 @@ impl Hash for EnclaveAttr {
 #[derive(Clone)]
 pub struct AttestationReportVerifier {
     pub enclave_attr: EnclaveAttr,
+    pub root_ca: Vec<u8>,
     pub verifier: fn(&AttestationReport) -> bool,
 }
 
@@ -63,15 +63,20 @@ impl Hash for AttestationReportVerifier {
     }
 }
 
-fn universal_quote_verifier(report: &AttestationReport) -> bool {
+pub fn universal_quote_verifier(report: &AttestationReport) -> bool {
     report.sgx_quote_status != crate::report::SgxQuoteStatus::UnknownBadStatus
 }
 
 impl AttestationReportVerifier {
-    pub fn new(enclave_attr: EnclaveAttr) -> Self {
+    pub fn new(
+        enclave_attr: EnclaveAttr,
+        root_ca: &[u8],
+        verifier: fn(&AttestationReport) -> bool,
+    ) -> Self {
         Self {
             enclave_attr,
-            verifier: universal_quote_verifier,
+            root_ca: root_ca.to_vec(),
+            verifier,
         }
     }
 
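Review bot: `universal_quote_verifier` becomes public at L49 without a doc comment, and its policy is the permissive one: it returns false only for `SgxQuoteStatus::UnknownBadStatus` and accepts a report with any other quote status. Now that callers select it through the new `verifier` parameter of `new`, that should be stated on the function, e.g. `/// Accepts any report whose quote status is not \`UnknownBadStatus\`; every other status passes, so use this only where that trust policy is intended.` `new` should likewise document that `root_ca` is the certificate handed to `AttestationReport::from_cert` when the peer certificate is checked, i.e. the trust anchor for the whole verification. The `root_ca` field is also `pub` (L40 in the previous hunk), so the anchor can be replaced after construction; keeping it private to this module would make the trust configuration go through `new` only.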
@@ -95,7 +100,7 @@ impl AttestationReportVerifier {
             return true;
         }
 
-        let report = match AttestationReport::from_cert(&cert_der, 
BUILD_CONFIG.ias_root_ca_cert) {
+        let report = match AttestationReport::from_cert(&cert_der, 
&self.root_ca) {
             Ok(report) => report,
             Err(e) => {
                 error!("{:?}", e);
diff --git a/rpc/src/config.rs b/rpc/src/config.rs
index 3395616..41f6bf1 100644
--- a/rpc/src/config.rs
+++ b/rpc/src/config.rs
@@ -1,6 +1,7 @@
 use anyhow::Result;
 use rustls;
 use std::sync::Arc;
+use teaclave_attestation::report::AttestationReport;
 use teaclave_attestation::verifier::AttestationReportVerifier;
 use teaclave_attestation::verifier::EnclaveAttr;
 
@@ -64,9 +65,17 @@ impl SgxTrustedTlsClientConfig {
         }
     }
 
-    pub fn new_with_attestation_report_verifier(enclave_attr: EnclaveAttr) -> 
Self {
+    pub fn new_with_attestation_report_verifier(
+        enclave_attr: EnclaveAttr,
+        root_ca: &[u8],
+        verifier: fn(&AttestationReport) -> bool,
+    ) -> Self {
         let mut config = rustls::ClientConfig::new();
-        let verifier = Arc::new(AttestationReportVerifier::new(enclave_attr));
+        let verifier = Arc::new(AttestationReportVerifier::new(
+            enclave_attr,
+            root_ca,
+            verifier,
+        ));
 
         config.dangerous().set_certificate_verifier(verifier);
         config.versions.clear();
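Review bot: The parameter `verifier` at L100 is shadowed by the local `let verifier = Arc::new(...)` at L104, so within four lines the same name denotes first the bare `fn` pointer and then the `Arc<AttestationReportVerifier>`; rename the local, e.g. `let cert_verifier = Arc::new(AttestationReportVerifier::new(enclave_attr, root_ca, verifier));` and `config.dangerous().set_certificate_verifier(cert_verifier);`. Since this public constructor installs the result through `config.dangerous().set_certificate_verifier`, its doc comment should say that rustls's standard certificate-chain verification is replaced entirely by the attestation report check, so the peer trust decision rests on `root_ca` and `verifier` alone. The function body continues past the end of the hunk.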
diff --git 
a/tests/functional_tests/enclave/src/teaclave_authentication_service.rs 
b/tests/functional_tests/enclave/src/teaclave_authentication_service.rs
index 8cf3d70..40c4632 100644
--- a/tests/functional_tests/enclave/src/teaclave_authentication_service.rs
+++ b/tests/functional_tests/enclave/src/teaclave_authentication_service.rs
@@ -1,6 +1,7 @@
 use sgx_tunittest::*;
 use std::prelude::v1::*;
-use teaclave_attestation::verifier::EnclaveAttr;
+use teaclave_attestation::verifier;
+use teaclave_config::build_config::BUILD_CONFIG;
 use teaclave_config::runtime_config::RuntimeConfig;
 use teaclave_proto::teaclave_authentication_service::*;
 use teaclave_proto::teaclave_common::*;
@@ -24,10 +25,14 @@ fn test_login_success() {
         .measurements
         .get("teaclave_authentication_service")
         .expect("authentication");
-    let enclave_attr = EnclaveAttr {
+    let enclave_attr = verifier::EnclaveAttr {
         measures: vec![*measure],
     };
-    let config = 
SgxTrustedTlsClientConfig::new_with_attestation_report_verifier(enclave_attr);
+    let config = 
SgxTrustedTlsClientConfig::new_with_attestation_report_verifier(
+        enclave_attr,
+        BUILD_CONFIG.ias_root_ca_cert,
+        verifier::universal_quote_verifier,
+    );
 
     let channel = Endpoint::new("localhost:7776")
         .config(config)

