From ef49daeec97c51beb3548b3caa6c160079f5ac8d Mon Sep 17 00:00:00 2001
From: houmingyong <houmingyong@huawei.com>
Date: Sat, 27 May 2023 14:22:13 +0800
Subject: [PATCH 1/2] refactor remote attestation
---
component/CMakeLists.txt | 9 +-
component/remote_attest/CMakeLists.txt | 1 -
.../remote_attest/ra_report/CMakeLists.txt | 39 ++--
.../remote_attest/ra_report/gp_ra_helper.c | 136 --------------
.../remote_attest/ra_report/gp_ra_report.c | 169 ++++++++++++++++--
.../remote_attest/ra_report/gp_ra_report.h | 2 +-
.../remote_attest/ra_report/sg_ra_report.c | 26 ++-
.../remote_attest/ra_report/sg_ra_report.h | 13 +-
.../remote_attest/ra_report/sgx_ra_report.c | 38 ++++
.../remote_attest/ra_report/sgx_ra_report.h | 24 +++
.../remote_attest/ra_report/uni_ree_agent.h | 44 +++++
.../remote_attest/ra_verify/CMakeLists.txt | 21 ++-
.../ra_verify/gp_ra_report_verify.c | 19 +-
.../ra_verify/gp_ra_report_verify.h | 8 +-
.../ra_verify/sg_ra_report_verify.c | 18 +-
.../ra_verify/sg_ra_report_verify.h | 7 +-
.../ra_verify/sgx_ra_report_verify.c | 33 ++++
.../ra_verify/sgx_ra_report_verify.h | 30 ++++
.../uni_ra_verify_agent.h} | 31 ++--
component/remote_attest/sg_report_st.h | 14 +-
inc/host_inc/enclave_internal.h | 1 +
inc/host_inc/status.h | 11 ++
src/host_src/enclave_internal.c | 10 ++
thirdparty/base64url/b64/LICENSE | 21 +++
thirdparty/base64url/b64/README.md | 84 +++++++++
thirdparty/base64url/b64/b64.h | 84 +++++++++
thirdparty/base64url/b64/buffer.c | 33 ++++
thirdparty/base64url/b64/decode.c | 117 ++++++++++++
thirdparty/base64url/b64/encode.c | 93 ++++++++++
thirdparty/base64url/b64/notes.md | 10 ++
thirdparty/base64url/base64url.c | 74 ++++++++
thirdparty/base64url/base64url.h | 32 ++++
tools/sign_tool/sign_tool.sh | 4 +-
33 files changed, 1036 insertions(+), 220 deletions(-)
delete mode 100644 component/remote_attest/ra_report/gp_ra_helper.c
create mode 100644 component/remote_attest/ra_report/sgx_ra_report.c
create mode 100644 component/remote_attest/ra_report/sgx_ra_report.h
create mode 100644 component/remote_attest/ra_report/uni_ree_agent.h
create mode 100644 component/remote_attest/ra_verify/sgx_ra_report_verify.c
create mode 100644 component/remote_attest/ra_verify/sgx_ra_report_verify.h
rename component/remote_attest/{ra_report/gp_ra_helper.h => ra_verify/uni_ra_verify_agent.h} (57%)
create mode 100644 thirdparty/base64url/b64/LICENSE
create mode 100644 thirdparty/base64url/b64/README.md
create mode 100644 thirdparty/base64url/b64/b64.h
create mode 100644 thirdparty/base64url/b64/buffer.c
create mode 100644 thirdparty/base64url/b64/decode.c
create mode 100644 thirdparty/base64url/b64/encode.c
create mode 100644 thirdparty/base64url/b64/notes.md
create mode 100644 thirdparty/base64url/base64url.c
create mode 100644 thirdparty/base64url/base64url.h
diff --git a/component/CMakeLists.txt b/component/CMakeLists.txt
index ee0a669..7442334 100644
--- a/component/CMakeLists.txt
+++ b/component/CMakeLists.txt
@@ -8,9 +8,12 @@
# PURPOSE.
# See the Mulan PSL v2 for more details.
+set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64)
+
ADD_SUBDIRECTORY(secure_channel)
-if(CC_GP)
- ADD_SUBDIRECTORY(remote_attest)
-endif()
+
+ADD_SUBDIRECTORY(remote_attest)
+
+
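Review bot: Dropping the `if(CC_GP)` guard means `remote_attest` is now added for every configuration, but the subdirectory CMakeLists only compile a backend under `CC_GP` or `CC_SGX`; a build with neither set still produces `libsecgear_ra`/`libsecgear_verify`, and every `cc_*` entry point then fails at runtime with `CC_ERROR_REE_AGENT_NOT_INIT` instead of the build failing. A configure-time check keeps that visible: `if(NOT CC_GP AND NOT CC_SGX) message(FATAL_ERROR "remote_attest needs CC_GP or CC_SGX") endif()` before `ADD_SUBDIRECTORY(remote_attest)`. The two trailing blank `+` lines can also go.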
diff --git a/component/remote_attest/CMakeLists.txt b/component/remote_attest/CMakeLists.txt
index 0b86c6f..f8ecac7 100644
--- a/component/remote_attest/CMakeLists.txt
+++ b/component/remote_attest/CMakeLists.txt
@@ -14,7 +14,6 @@ ADD_SUBDIRECTORY(ra_verify)
file(GLOB RA_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/sg_report_st.h
${CMAKE_CURRENT_SOURCE_DIR}/ra_report/sg_ra_report.h
- ${CMAKE_CURRENT_SOURCE_DIR}/ra_report/gp_ra_helper.h
${CMAKE_CURRENT_SOURCE_DIR}/ra_verify/sg_ra_report_verify.h)
install(FILES ${RA_HEADERS}
diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/component/remote_attest/ra_report/CMakeLists.txt
index 6b459d7..548e786 100644
--- a/component/remote_attest/ra_report/CMakeLists.txt
+++ b/component/remote_attest/ra_report/CMakeLists.txt
@@ -8,37 +8,38 @@
# PURPOSE.
# See the Mulan PSL v2 for more details.
-project(sg_ra_report C)
+project(secgear_ra C)
set(TARGET secgear_ra)
-aux_source_directory(. SRC_FILES)
-aux_source_directory(${LOCAL_ROOT_PATH}/thirdparty/cjson/ CJSON_SRC)
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+set(SRC_FILES sg_ra_report.c)
+if(CC_SGX)
+ set(SRC_FILES ${SRC_FILES} sgx_ra_report.c)
+endif()
-if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+if(CC_GP)
+ aux_source_directory(${LOCAL_ROOT_PATH}/thirdparty/cjson/ CJSON_SRC)
+ FILE (GLOB_RECURSE BASE64_SRC "${LOCAL_ROOT_PATH}/thirdparty/base64url/*.c")
+ set(SRC_FILES ${SRC_FILES} ${CJSON_SRC} ${BASE64_SRC} gp_ra_report.c)
+ set(INCLUDE_DIR ${SDK_PATH}/include/CA
+ ${LOCAL_ROOT_PATH}/thirdparty/cjson
+ ${LOCAL_ROOT_PATH}/thirdparty/libqca
+ ${LOCAL_ROOT_PATH}/thirdparty/base64url)
+ set(LINK_LIB teec_adaptor)
endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
+
include_directories(
- ${CMAKE_CURRENT_BINARY_DIR}
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/..
${LOCAL_ROOT_PATH}/inc/host_inc
- ${SDK_PATH}/include/CA
- ${LOCAL_ROOT_PATH}/thirdparty/cjson
- ${LOCAL_ROOT_PATH}/thirdparty/libqca
- ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier
-)
-add_library(${TARGET} SHARED ${SRC_FILES} ${CJSON_SRC})
-
-if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${TARGET} PRIVATE /usr/lib64)
-endif()
+ ${INCLUDE_DIR})
+add_library(${TARGET} SHARED ${SRC_FILES})
-target_link_libraries(${TARGET} teec_adaptor)
-set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64)
+target_link_libraries(${TARGET} ${LINK_LIB})
install(TARGETS ${TARGET}
LIBRARY
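Review bot: `FILE(GLOB_RECURSE BASE64_SRC ".../thirdparty/base64url/*.c")` compiles whatever happens to sit under the vendored directory into the shared library, so any file dropped there later (a test driver, a stray `main`) silently becomes part of `libsecgear_ra`; the diffstat shows exactly four sources, so list them: `set(BASE64_SRC ${LOCAL_ROOT_PATH}/thirdparty/base64url/base64url.c ${LOCAL_ROOT_PATH}/thirdparty/base64url/b64/buffer.c ${LOCAL_ROOT_PATH}/thirdparty/base64url/b64/decode.c ${LOCAL_ROOT_PATH}/thirdparty/base64url/b64/encode.c)`. `target_link_libraries(${TARGET} ${LINK_LIB})` has no visibility keyword and `include_directories(...)` is directory-scoped; `target_link_libraries(${TARGET} PRIVATE ${LINK_LIB})` and `target_include_directories(${TARGET} PRIVATE ...)` keep `teec_adaptor` and the thirdparty include paths from leaking to consumers. The `-fPIC` append to `CMAKE_C_FLAGS` would be `set_target_properties(${TARGET} PROPERTIES POSITION_INDEPENDENT_CODE ON)` for the same reason.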
diff --git a/component/remote_attest/ra_report/gp_ra_helper.c b/component/remote_attest/ra_report/gp_ra_helper.c
deleted file mode 100644
index 80a01e9..0000000
--- a/component/remote_attest/ra_report/gp_ra_helper.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#include "gp_ra_helper.h"
-
-#include <string.h>
-#include "cJSON.h"
-#include "custom_base64url.h"
-#include "enclave_log.h"
-
-void free_gp_ra_buf(cc_ra_buf_t *ra_buf)
-{
- if (ra_buf->buf != NULL) {
- free(ra_buf->buf);
- }
- if (ra_buf != NULL) {
- free(ra_buf);
- }
-}
-
-/* caller need to free (cc_ra_buf_t **in) */
-cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in)
-{
- cc_enclave_result_t ret = CC_SUCCESS;
- cJSON *in_json = cJSON_CreateObject();
- cJSON_AddStringToObject(in_json, "handler", "provisioning-input");
-
- cJSON *in_payload = cJSON_CreateObject();
- cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
- cJSON_AddStringToObject(in_payload, "scenario", "sce_no_as");
- cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
-
- cJSON_AddItemToObject(in_json, "payload", in_payload);
-
- // char *in_buf = cJSON_PrintUnformatted(in_json);
- char *in_buf = cJSON_Print(in_json);
- uint32_t in_buf_len = strlen(in_buf) + 1;
-
- print_debug("provision input json buf:%s\n", in_buf);
-
- cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
- if (tmp_ra_buf == NULL) {
- ret = CC_ERROR_RA_MEMORY;
- goto end;
- }
- tmp_ra_buf->buf = calloc(1, in_buf_len);
- if (tmp_ra_buf->buf == NULL) {
- ret = CC_ERROR_RA_MEMORY;
- free(tmp_ra_buf);
- goto end;
- }
- (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
- tmp_ra_buf->len = in_buf_len;
-
- *in = tmp_ra_buf;
-end:
- cJSON_free(in_buf);
- cJSON_Delete(in_json);
- return ret;
-}
-
-/* caller need to free (cc_ra_buf_t **in) */
-cc_enclave_result_t gen_ra_report_in_buff(gp_get_ra_report_input_t *param, cc_ra_buf_t **json_buf)
-{
- cc_enclave_result_t ret = CC_SUCCESS;
- cJSON *in_json = cJSON_CreateObject();
- cJSON_AddStringToObject(in_json, "handler", "report-input");
-
- char b64_nonce[MAX_NONCE_BUF_LEN] = {0};
- int b64_nonce_len = MAX_NONCE_BUF_LEN;
- base64urlencode(param->nonce, param->nonce_len, (uint8_t *)b64_nonce, &b64_nonce_len);
- print_debug("nonce_buf_len:%d, nonce_buf:%s\n", b64_nonce_len, b64_nonce);
-
- cJSON *in_payload = cJSON_CreateObject();
- cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
- cJSON_AddStringToObject(in_payload, "nonce", b64_nonce);
- cJSON_AddStringToObject(in_payload, "uuid", (char *)param->uuid);
- cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
- cJSON_AddBoolToObject(in_payload, "with_tcb", param->with_tcb);
-
- cJSON_AddItemToObject(in_json, "payload", in_payload);
-
- // char *in_buf = cJSON_PrintUnformatted(in_json);
- char *in_buf = cJSON_Print(in_json);
- uint32_t in_buf_len = strlen(in_buf) + 1;
-
- print_debug("get ra report input json buf:%s\n", in_buf);
-
- cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
- if (tmp_ra_buf == NULL) {
- ret = CC_ERROR_RA_MEMORY;
- goto end;
- }
- tmp_ra_buf->buf = calloc(1, in_buf_len);
- if (tmp_ra_buf->buf == NULL) {
- ret = CC_ERROR_RA_MEMORY;
- free(tmp_ra_buf);
- goto end;
- }
- (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
- tmp_ra_buf->len = in_buf_len;
-
- *json_buf = (cc_ra_buf_t *)tmp_ra_buf;
-end:
- cJSON_free(in_buf);
- cJSON_Delete(in_json);
- return ret;
-}
-
-void print_ra_report(cc_ra_buf_t *report)
-{
- cJSON *cj_report = cJSON_ParseWithLength((char *)report->buf, report->len);
- if (cj_report == NULL) {
- print_debug("cjson parse report error!\n");
- return;
- }
- char *str_report = cJSON_Print(cj_report);
-
- print_debug("report:%s\n", str_report);
-
- cJSON_free(str_report);
- cJSON_Delete(cj_report);
- return;
-}
-
-
-
diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c
index dd02d7d..978127a 100644
--- a/component/remote_attest/ra_report/gp_ra_report.c
+++ b/component/remote_attest/ra_report/gp_ra_report.c
@@ -13,12 +13,142 @@
#include "gp_ra_report.h"
#include <stdlib.h>
-#include "gp_ra_helper.h"
+#include <string.h>
#include "ra_client_api.h"
#include "enclave_log.h"
+#include "cJSON.h"
+#include "base64url.h"
-#define TEST_REPORT_OUT_LEN 0x3000
-cc_enclave_result_t gp_ra_provision_no_as()
+#include "uni_ree_agent.h"
+
+static void free_cc_ra_buf(cc_ra_buf_t *ra_buf)
+{
+ if (ra_buf == NULL) {
+ return;
+ }
+ if (ra_buf->buf != NULL) {
+ free(ra_buf->buf);
+ }
+
+ free(ra_buf);
+ return;
+}
+
+/* caller need to free (cc_ra_buf_t **in) */
+static cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in)
+{
+ if (in == NULL) {
+ return CC_ERROR_BAD_PARAMETERS;
+ }
+ cc_enclave_result_t ret = CC_SUCCESS;
+ cJSON *in_json = cJSON_CreateObject();
+ cJSON_AddStringToObject(in_json, "handler", "provisioning-input");
+
+ cJSON *in_payload = cJSON_CreateObject();
+ cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
+ cJSON_AddStringToObject(in_payload, "scenario", "sce_no_as");
+ cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
+
+ cJSON_AddItemToObject(in_json, "payload", in_payload);
+
+ char *in_buf = cJSON_PrintUnformatted(in_json);
+ uint32_t in_buf_len = strlen(in_buf) + 1;
+
+ cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
+ if (tmp_ra_buf == NULL) {
+ ret = CC_ERROR_RA_MEMORY;
+ goto end;
+ }
+ tmp_ra_buf->buf = calloc(1, in_buf_len);
+ if (tmp_ra_buf->buf == NULL) {
+ ret = CC_ERROR_RA_MEMORY;
+ free(tmp_ra_buf);
+ goto end;
+ }
+ (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
+ tmp_ra_buf->len = in_buf_len;
+
+ *in = tmp_ra_buf;
+end:
+ cJSON_free(in_buf);
+ cJSON_Delete(in_json);
+ return ret;
+}
+
+/* caller need to free (cc_ra_buf_t **in) */
+static cc_enclave_result_t gen_ra_report_in_buff(cc_get_ra_report_input_t *param, cc_ra_buf_t **json_buf)
+{
+ if (param == NULL || param->taid == NULL || json_buf == NULL) {
+ return CC_ERROR_BAD_PARAMETERS;
+ }
+ cc_enclave_result_t ret = CC_SUCCESS;
+ cJSON *in_json = cJSON_CreateObject();
+ cJSON_AddStringToObject(in_json, "handler", "report-input");
+
+ size_t b64_nonce_len = 0;
+ char *b64_nonce = kpsecl_base64urlencode(param->nonce, param->nonce_len, &b64_nonce_len);
+
+ cJSON *in_payload = cJSON_CreateObject();
+ cJSON_AddStringToObject(in_payload, "version", "TEE.RA.1.0");
+ cJSON_AddStringToObject(in_payload, "nonce", b64_nonce);
+ free(b64_nonce);
+ cJSON_AddStringToObject(in_payload, "uuid", (char *)param->taid);
+ cJSON_AddStringToObject(in_payload, "hash_alg", "HS256");
+ cJSON_AddBoolToObject(in_payload, "with_tcb", param->with_tcb);
+ if (param->req_key) {
+ cJSON_AddBoolToObject(in_payload, "request_key", param->req_key);
+ }
+
+ cJSON_AddItemToObject(in_json, "payload", in_payload);
+
+ char *in_buf = cJSON_PrintUnformatted(in_json);
+ uint32_t in_buf_len = strlen(in_buf) + 1;
+
+ print_debug("get ra report input json buf:%s\n", in_buf);
+
+ cc_ra_buf_t *tmp_ra_buf = calloc(1, sizeof(cc_ra_buf_t));
+ if (tmp_ra_buf == NULL) {
+ ret = CC_ERROR_RA_MEMORY;
+ goto end;
+ }
+ tmp_ra_buf->buf = calloc(1, in_buf_len);
+ if (tmp_ra_buf->buf == NULL) {
+ ret = CC_ERROR_RA_MEMORY;
+ free(tmp_ra_buf);
+ goto end;
+ }
+ (void)memcpy(tmp_ra_buf->buf, in_buf, in_buf_len);
+ tmp_ra_buf->len = in_buf_len;
+
+ *json_buf = (cc_ra_buf_t *)tmp_ra_buf;
+end:
+ cJSON_free(in_buf);
+ cJSON_Delete(in_json);
+ return ret;
+}
+
+static void print_ra_report(cc_ra_buf_t *report)
+{
+ if (report == NULL || report->buf == NULL) {
+ return;
+ }
+ cJSON *cj_report = cJSON_ParseWithLength((char *)report->buf, report->len);
+ if (cj_report == NULL) {
+ // print_debug("cjson parse report error!\n");
+ return;
+ }
+ char *str_report = cJSON_Print(cj_report);
+
+ print_debug("report:%s\n", str_report);
+ print_debug("report len:%u, str_len:%lu\n", report->len, strlen(str_report));
+
+ cJSON_free(str_report);
+ cJSON_Delete(cj_report);
+ return;
+}
+
+#define PROVISION_OUT_LEN 0x3000
+static cc_enclave_result_t gp_ra_provision_no_as()
{
cc_ra_buf_t *in = NULL;
cc_enclave_result_t ret;
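Review bot: `gen_ra_report_in_buff` trusts `param->nonce_len` but `param->nonce` is a fixed `uint8_t[MAX_NONCE_BUF_LEN]` array (sg_report_st.h in this patch), so a caller-supplied `nonce_len` larger than 512 makes `kpsecl_base64urlencode` read past the struct and base64-encode adjacent memory into the report request; the guard at the top of the function should include `param->nonce_len > MAX_NONCE_BUF_LEN`. The return values of `kpsecl_base64urlencode` and `cJSON_PrintUnformatted` are also used unchecked: a NULL `in_buf` reaches `strlen`, and a NULL `b64_nonce` presumably produces a request with no `nonce` member rather than an error (cJSON's string add returns NULL for a NULL string as far as I can tell — worth confirming), which would quietly defeat the freshness check. The same unchecked `cJSON_PrintUnformatted` pattern is in `gen_provision_no_as_in_buff`. `print_debug("report len:%u, str_len:%lu\n", ...)` should use `%zu` for the `size_t`. `gp_ra_provision_no_as` starts at the end of this hunk and continues outside it.
```c
static cc_enclave_result_t gen_ra_report_in_buff(cc_get_ra_report_input_t *param, cc_ra_buf_t **json_buf)
{
    /* nonce is an inline MAX_NONCE_BUF_LEN array; bound nonce_len before it is read */
    if (param == NULL || param->taid == NULL || json_buf == NULL || param->nonce_len > MAX_NONCE_BUF_LEN) {
        return CC_ERROR_BAD_PARAMETERS;
    }
    cc_enclave_result_t ret = CC_SUCCESS;
    cJSON *in_json = cJSON_CreateObject();
    if (in_json == NULL) {
        return CC_ERROR_RA_MEMORY;
    }
    cJSON_AddStringToObject(in_json, "handler", "report-input");

    size_t b64_nonce_len = 0;
    char *b64_nonce = kpsecl_base64urlencode(param->nonce, param->nonce_len, &b64_nonce_len);
    if (b64_nonce == NULL) {
        cJSON_Delete(in_json);
        return CC_ERROR_RA_MEMORY;
    }
    /* … unchanged: payload construction … */

    char *in_buf = cJSON_PrintUnformatted(in_json);
    if (in_buf == NULL) {
        cJSON_Delete(in_json);
        return CC_ERROR_RA_MEMORY;
    }
    /* … unchanged: copy into cc_ra_buf_t, end: cleanup … */
```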
@@ -27,11 +157,11 @@ cc_enclave_result_t gp_ra_provision_no_as()
if (ret != CC_SUCCESS) {
return ret;
}
- uint8_t data[TEST_REPORT_OUT_LEN] = {0};
- cc_ra_buf_t report = {TEST_REPORT_OUT_LEN, data};
+ uint8_t data[PROVISION_OUT_LEN] = {0};
+ cc_ra_buf_t out = {PROVISION_OUT_LEN, data};
- TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)&report);
- free_gp_ra_buf(in);
+ TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)&out);
+ free_cc_ra_buf(in);
if (gp_ret != TEEC_SUCCESS) {
print_error_term("gp ra provision no as failed ret:%x\n", gp_ret);
@@ -44,7 +174,7 @@ cc_enclave_result_t gp_ra_provision_no_as()
cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
{
cc_enclave_result_t ret = CC_SUCCESS;
- switch(scenario) {
+ switch (scenario) {
case CC_RA_SCENARIO_NO_AS:
ret = gp_ra_provision_no_as();
break;
@@ -54,16 +184,31 @@ cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
return ret;
}
-cc_enclave_result_t gp_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report)
+cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
{
- TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)in, (struct ra_buffer_data *)report);
+ cc_ra_buf_t *ra_buf_in = NULL;
+ cc_enclave_result_t ret = gen_ra_report_in_buff(in, &ra_buf_in);
+ if (ret != CC_SUCCESS) {
+ print_error_term("gen ra report ra buf in failed\n");
+ return CC_FAIL;
+ }
+ TEEC_Result gp_ret = RemoteAttest((struct ra_buffer_data *)ra_buf_in, (struct ra_buffer_data *)report);
+ free_cc_ra_buf(ra_buf_in);
if (gp_ret != TEEC_SUCCESS) {
print_error_term("get ra report failed, ret:%x\n", gp_ret);
return CC_ERROR_RA_GET_REPORT;
}
+ print_ra_report(report);
return CC_SUCCESS;
}
-
-
+uni_ree_agent_t g_gp_agent = {
+ .tee_type = CC_TEE_TYPE_GP,
+ .prepare_ra_env = gp_prepare_ra_env,
+ .get_ra_report = gp_get_ra_report,
+};
+static __attribute__((constructor)) void gp_register_ree_agent()
+{
+ cc_register_ree_agent(&g_gp_agent);
+}
\ No newline at end of file
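Review bot: `gp_get_ra_report` collapses the `gen_ra_report_in_buff` failure into `CC_FAIL`, discarding the `CC_ERROR_BAD_PARAMETERS` / `CC_ERROR_RA_MEMORY` that helper returns; `return ret;` keeps the distinction for the caller. `g_gp_agent` is a non-static, writable global table of function pointers that is only ever read after the constructor runs, so `static const uni_ree_agent_t g_gp_agent = {...}` (with a matching `const` on the register function's parameter) would take it out of the exported, writable symbol set. `print_ra_report` dumps the entire attestation report to the debug log on every call; that is fine for development but worth a comment if it is meant to stay in release builds. The file is also left without a trailing newline.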
diff --git a/component/remote_attest/ra_report/gp_ra_report.h b/component/remote_attest/ra_report/gp_ra_report.h
index 9d02ce3..ed58bb0 100644
--- a/component/remote_attest/ra_report/gp_ra_report.h
+++ b/component/remote_attest/ra_report/gp_ra_report.h
@@ -18,7 +18,7 @@
cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario);
-cc_enclave_result_t gp_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report);
+cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
#endif
diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/component/remote_attest/ra_report/sg_ra_report.c
index 1cc4bdc..21ad417 100644
--- a/component/remote_attest/ra_report/sg_ra_report.c
+++ b/component/remote_attest/ra_report/sg_ra_report.c
@@ -9,18 +9,30 @@
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/
+#include "sg_ra_report.h"
+#include "uni_ree_agent.h"
-#include "gp_ra_report.h"
-
+static uni_ree_agent_t *g_ree_agent = NULL;
cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario)
{
- return gp_prepare_ra_env(scenario);
+ if (g_ree_agent == NULL) {
+ return CC_ERROR_REE_AGENT_NOT_INIT;
+ }
+ return g_ree_agent->prepare_ra_env(scenario);
}
-cc_enclave_result_t cc_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report)
+cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
{
- return gp_get_ra_report(in, report);
+ if (in == NULL || in->taid == NULL || report == NULL || report->buf == NULL) {
+ return CC_ERROR_BAD_PARAMETERS;
+ }
+ if (g_ree_agent == NULL) {
+ return CC_ERROR_REE_AGENT_NOT_INIT;
+ }
+ return g_ree_agent->get_ra_report(in, report);
}
-
-
+void cc_register_ree_agent(uni_ree_agent_t *agent)
+{
+ g_ree_agent = agent;
+}
diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/component/remote_attest/ra_report/sg_ra_report.h
index 960cb02..f3294c5 100644
--- a/component/remote_attest/ra_report/sg_ra_report.h
+++ b/component/remote_attest/ra_report/sg_ra_report.h
@@ -24,8 +24,17 @@ extern "C" {
CC_API_SPEC cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario);
-CC_API_SPEC cc_enclave_result_t cc_get_ra_report(cc_ra_buf_t *in, cc_ra_buf_t *report);
-
+/**
+* get remote attestation report
+*
+* @param[in] in, bytes of input
+*
+* @param[out] report, remote attestion report, 0x3000 =< len < 0x100000
+*
+* @retval, On success, return 0.
+* On error, cc_enclave_result_t errorno is returned.
+*/
+CC_API_SPEC cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
#ifdef __cplusplus
}
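Review bot: The new doc comment on `cc_get_ra_report` misspells "attestion" and writes the bound as `0x3000 =< len`, which is not an operator; `remote attestation report, 0x3000 <= len < 0x100000` is what is meant. It also does not state the constraints the implementation relies on: `in->taid` is passed to cJSON as a C string and so must be NUL-terminated, and `in->nonce_len` must not exceed `MAX_NONCE_BUF_LEN` (the array is inline). Suggested `@param[in]` wording: `in, report request; taid is a NUL-terminated string, nonce_len <= MAX_NONCE_BUF_LEN`.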
diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/component/remote_attest/ra_report/sgx_ra_report.c
new file mode 100644
index 0000000..8d02fc3
--- /dev/null
+++ b/component/remote_attest/ra_report/sgx_ra_report.c
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include "sgx_ra_report.h"
+#include "uni_ree_agent.h"
+
+cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
+{
+ (void)scenario;
+ return CC_SUCCESS;
+}
+
+cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+{
+ (void)in;
+ (void)report;
+
+ return CC_SUCCESS;
+}
+
+uni_ree_agent_t g_sgx_agent = {
+ .tee_type = CC_TEE_TYPE_SGX,
+ .prepare_ra_env = sgx_prepare_ra_env,
+ .get_ra_report = sgx_get_ra_report,
+};
+static __attribute__((constructor)) void sgx_register_ree_agent()
+{
+ cc_register_ree_agent(&g_sgx_agent);
+}
\ No newline at end of file
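Review bot: `sgx_get_ra_report` returns `CC_SUCCESS` without touching `report`, so on an SGX build `cc_get_ra_report` tells the caller it obtained a report while the buffer holds whatever the caller put there; a placeholder must fail closed, e.g. `return CC_FAIL;` (or a dedicated not-implemented code if status.h gains one), with a `/* TODO: SGX quote generation not implemented */` comment so the stub is not mistaken for a working backend. `g_sgx_agent` would be better as `static const` for the same reason as the GP table. No trailing newline at end of file.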
diff --git a/component/remote_attest/ra_report/sgx_ra_report.h b/component/remote_attest/ra_report/sgx_ra_report.h
new file mode 100644
index 0000000..d9a33cc
--- /dev/null
+++ b/component/remote_attest/ra_report/sgx_ra_report.h
@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_SGX_RA_REPORT_H
+#define SECGEAR_SGX_RA_REPORT_H
+
+#include "status.h"
+#include "sg_report_st.h"
+
+cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario);
+
+cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
+
+#endif
+
diff --git a/component/remote_attest/ra_report/uni_ree_agent.h b/component/remote_attest/ra_report/uni_ree_agent.h
new file mode 100644
index 0000000..65a46d1
--- /dev/null
+++ b/component/remote_attest/ra_report/uni_ree_agent.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_UNI_REE_AGENT_H
+#define SECGEAR_UNI_REE_AGENT_H
+
+#include <stdint.h>
+#include "status.h"
+#include "sg_report_st.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef cc_enclave_result_t (*uni_prepare_ra_env_proc_t)(cc_ra_scenario_t scenario);
+typedef cc_enclave_result_t (*uni_get_ra_report_proc_t)(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
+
+typedef enum {
+ CC_TEE_TYPE_GP,
+ CC_TEE_TYPE_SGX,
+} cc_tee_type_t;
+
+typedef struct {
+ cc_tee_type_t tee_type;
+ uni_prepare_ra_env_proc_t prepare_ra_env;
+ uni_get_ra_report_proc_t get_ra_report;
+} uni_ree_agent_t;
+
+void cc_register_ree_agent(uni_ree_agent_t *agent);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
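Review bot: `cc_register_ree_agent(uni_ree_agent_t *agent)` takes a mutable pointer, which forces every backend to keep its function-pointer table in writable memory; `void cc_register_ree_agent(const uni_ree_agent_t *agent);` (and `static const uni_ree_agent_t *g_ree_agent` on the other side) lets the tables be `static const`. The header also does not say what happens when more than one agent registers or what `tee_type` is for — the dispatcher in this patch never reads it — so a short comment above the prototype such as `/* Registers the single REE backend; called from each backend's constructor, later calls replace earlier ones. */` would document the actual contract.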
diff --git a/component/remote_attest/ra_verify/CMakeLists.txt b/component/remote_attest/ra_verify/CMakeLists.txt
index fc92d9c..53707b1 100644
--- a/component/remote_attest/ra_verify/CMakeLists.txt
+++ b/component/remote_attest/ra_verify/CMakeLists.txt
@@ -13,10 +13,21 @@ project(sg_ra_verify C)
set(TARGET secgear_verify)
aux_source_directory(. SRC_FILES)
+set(SRC_FILES sg_ra_report_verify.c)
+if(CC_SGX)
+set(SRC_FILES ${SRC_FILES} sgx_ra_report_verify.c)
+endif()
+
+if(CC_GP)
+ set(SRC_FILES ${SRC_FILES} gp_ra_report_verify.c)
+ set(INCLUDE_DIR ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier)
+ #set(LINK_LIB teeverifier)
+endif()
+
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(/usr/lib64)
+ link_directories(/usr/local/lib)
endif()
include_directories(
@@ -24,17 +35,15 @@ include_directories(
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/..
${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/thirdparty/kunpengsecl/verifier
+ ${INCLUDE_DIR}
)
add_library(${TARGET} SHARED ${SRC_FILES})
if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${TARGET} PRIVATE /usr/lib64)
+ target_link_directories(${TARGET} PRIVATE /usr/local/lib)
endif()
-target_link_libraries(${TARGET})
-
-set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64)
+target_link_libraries(${TARGET} ${LINK_LIB})
install(TARGETS ${TARGET}
LIBRARY
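Review bot: `gp_ra_report_verify.c` includes `teeverifier.h` and calls into it, but the only link line for it is the commented-out `#set(LINK_LIB teeverifier)`, so `libsecgear_verify.so` is produced with unresolved verifier symbols and resolution is pushed onto whichever consumer loads it — either link it (`set(LINK_LIB teeverifier)`) or record in a comment why it is deliberately left to the application. The surviving `aux_source_directory(. SRC_FILES)` on the line above is dead now that `set(SRC_FILES sg_ra_report_verify.c)` overwrites it and should be removed to avoid suggesting every file is compiled. Hard-coding `/usr/local/lib` in `link_directories`/`target_link_directories` is the kind of absolute path `find_library`/`find_package` exists to replace; as with ra_report, `target_link_libraries(${TARGET} PRIVATE ${LINK_LIB})` wants a visibility keyword.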
diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.c b/component/remote_attest/ra_verify/gp_ra_report_verify.c
index 0917f7a..76debb4 100644
--- a/component/remote_attest/ra_verify/gp_ra_report_verify.c
+++ b/component/remote_attest/ra_verify/gp_ra_report_verify.c
@@ -15,19 +15,22 @@
#include "teeverifier.h"
#include "enclave_log.h"
+#include "uni_ra_verify_agent.h"
+
int convert_cctype_to_gptype(cc_ra_verify_type_t type)
{
// gp type, 1: compare image hash; 2: compare mem hash; 3: compare image and mem hash
if (type == CC_RA_VERIFY_TYPE_LOOSE) {
- return 1;
+ return 1;
} else if (type == CC_RA_VERIFY_TYPE_STRICT) {
- return 3;
+ return 3; // 3: compare image and mem hash
} else {
return CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE;
}
}
-cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue)
+cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+ cc_ra_verify_type_t type, char *basevalue)
{
int gp_type = convert_cctype_to_gptype(type);
if (gp_type == (int)CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE) {
@@ -44,7 +47,15 @@ cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc
case TVS_VERIFIED_HASH_FAILED:
return CC_ERROR_RA_REPORT_VERIFY_HASH;
default:
- print_debug("verify report failed, unknown errorcode:%d!\n", ret);
+ printf("verify report failed, unknown errorcode:%d!\n", ret);
}
return ret;
+}
+
+uni_ra_verify_agent_t g_gp_ra_verify_agent = {
+ .verify_ra_report = gp_verify_report,
+};
+static __attribute__((constructor)) void gp_register_ra_agent()
+{
+ cc_register_ra_verify_agent(&g_gp_ra_verify_agent);
}
\ No newline at end of file
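Review bot: The `default:` branch of `gp_verify_report` swaps `print_debug` for a bare `printf`, so an unexpected verifier result is now written to stdout of whatever process links the library instead of going through the logging used everywhere else in this patch; since `enclave_log.h` is still included, `print_error_term("verify report failed, unknown errorcode:%d!\n", ret);` keeps the message on the error path. That branch then falls out to `return ret;`, handing the raw verifier code back as a `cc_enclave_result_t` — if any non-listed code can be zero this would read as success, which is worth confirming against the teeverifier header. `g_gp_ra_verify_agent` could be `static const` like the other tables, and the file has no trailing newline.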
diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.h b/component/remote_attest/ra_verify/gp_ra_report_verify.h
index ffd8387..68a7c38 100644
--- a/component/remote_attest/ra_verify/gp_ra_report_verify.h
+++ b/component/remote_attest/ra_verify/gp_ra_report_verify.h
@@ -10,18 +10,18 @@
* See the Mulan PSL v2 for more details.
*/
-#ifndef SECGEAR_GP_VERIFY_REPORT_H
-#define SECGEAR_GP_VERIFY_REPORT_H
+#ifndef SECGEAR_GP_RA_REPORT_VERIFY_H
+#define SECGEAR_GP_RA_REPORT_VERIFY_H
#include "status.h"
-#include "secgear_defs.h"
#include "sg_report_st.h"
#ifdef __cplusplus
extern "C" {
#endif
-CC_API_SPEC cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue);
+cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+ cc_ra_verify_type_t type, char *basevalue);
#ifdef __cplusplus
}
diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.c b/component/remote_attest/ra_verify/sg_ra_report_verify.c
index 63f26c4..b85615b 100644
--- a/component/remote_attest/ra_verify/sg_ra_report_verify.c
+++ b/component/remote_attest/ra_verify/sg_ra_report_verify.c
@@ -10,11 +10,23 @@
* See the Mulan PSL v2 for more details.
*/
-#include "gp_ra_report_verify.h"
+#include "sg_ra_report_verify.h"
+#include "uni_ra_verify_agent.h"
-#include "enclave_log.h"
+static uni_ra_verify_agent_t *g_ra_agent = NULL;
cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue)
{
- return gp_verify_report(report, nonce, type, basevalue);
+ if (report == NULL || report->buf == NULL || nonce == NULL || nonce->buf == NULL || basevalue == NULL) {
+ return CC_ERROR_BAD_PARAMETERS;
+ }
+ if (g_ra_agent == NULL) {
+ return CC_ERROR_RA_VERIFY_AGENT_NOT_INIT;
+ }
+ return g_ra_agent->verify_ra_report(report, nonce, type, basevalue);
+}
+
+void cc_register_ra_verify_agent(uni_ra_verify_agent_t *agent)
+{
+ g_ra_agent = agent;
}
\ No newline at end of file
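Review bot: `cc_verify_report` validates pointers but not the values behind them: `type` is not range-checked against `CC_RA_VERIFY_TYPE_MAX` (declared in sg_report_st.h) and `nonce->len` may be zero, so both are delegated to the backend — fine for the GP path, which rejects an unknown type, but the SGX stub in this patch accepts anything. Adding `if (type >= CC_RA_VERIFY_TYPE_MAX || nonce->len == 0) return CC_ERROR_BAD_PARAMETERS;` after the NULL checks enforces it once in the public entry point. `cc_register_ra_verify_agent` should at least reject NULL and document that a later registration replaces an earlier one.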
diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/component/remote_attest/ra_verify/sg_ra_report_verify.h
index 92ca953..b566cef 100644
--- a/component/remote_attest/ra_verify/sg_ra_report_verify.h
+++ b/component/remote_attest/ra_verify/sg_ra_report_verify.h
@@ -10,8 +10,8 @@
* See the Mulan PSL v2 for more details.
*/
-#ifndef SECGEAR_VERIFY_REPORT_H
-#define SECGEAR_VERIFY_REPORT_H
+#ifndef SECGEAR_RA_VERIFY_REPORT_H
+#define SECGEAR_RA_VERIFY_REPORT_H
#include "status.h"
#include "secgear_defs.h"
@@ -21,7 +21,8 @@
extern "C" {
#endif
-CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue);
+CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+ cc_ra_verify_type_t type, char *basevalue);
#ifdef __cplusplus
}
diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.c b/component/remote_attest/ra_verify/sgx_ra_report_verify.c
new file mode 100644
index 0000000..0e2e81f
--- /dev/null
+++ b/component/remote_attest/ra_verify/sgx_ra_report_verify.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include "sgx_ra_report_verify.h"
+
+#include "uni_ra_verify_agent.h"
+
+cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+ cc_ra_verify_type_t type, char *basevalue)
+{
+ (void)report;
+ (void)nonce;
+ (void)type;
+ (void)basevalue;
+ return CC_SUCCESS;
+}
+
+uni_ra_verify_agent_t g_sgx_ra_verify_agent = {
+ .verify_ra_report = sgx_verify_report,
+};
+static __attribute__((constructor)) void gp_register_ra_agent()
+{
+ cc_register_ra_verify_agent(&g_sgx_ra_verify_agent);
+}
\ No newline at end of file
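Review bot: `sgx_verify_report` returns `CC_SUCCESS` for every input, so on an SGX build `cc_verify_report` accepts any report, any nonce and any basevalue — a verifier must fail closed until it is implemented, e.g. `return CC_FAIL;` with a `/* TODO: SGX quote verification not implemented; reject everything */` comment. The constructor is named `gp_register_ra_agent`, copied from the GP file; it is `static` so it does not clash at link time, but `sgx_register_ra_agent` avoids confusing the two in a backtrace. No trailing newline at end of file.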
diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.h b/component/remote_attest/ra_verify/sgx_ra_report_verify.h
new file mode 100644
index 0000000..773f484
--- /dev/null
+++ b/component/remote_attest/ra_verify/sgx_ra_report_verify.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_SGX_RA_REPORT_VERIFY_H
+#define SECGEAR_SGX_RA_REPORT_VERIFY_H
+
+#include "status.h"
+#include "sg_report_st.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+ cc_ra_verify_type_t type, char *basevalue);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/component/remote_attest/ra_report/gp_ra_helper.h b/component/remote_attest/ra_verify/uni_ra_verify_agent.h
similarity index 57%
rename from component/remote_attest/ra_report/gp_ra_helper.h
rename to component/remote_attest/ra_verify/uni_ra_verify_agent.h
index 6bee143..d1e1995 100644
--- a/component/remote_attest/ra_report/gp_ra_helper.h
+++ b/component/remote_attest/ra_verify/uni_ra_verify_agent.h
@@ -10,25 +10,28 @@
* See the Mulan PSL v2 for more details.
*/
-#ifndef SECGEAR_RA_HELPER_H
-#define SECGEAR_RA_HELPER_H
+#ifndef SECGEAR_UNI_RA_VERIFY_AGENT_H
+#define SECGEAR_UNI_RA_VERIFY_AGENT_H
#include <stdint.h>
-#include <stdbool.h>
#include "status.h"
#include "sg_report_st.h"
-#define MAX_NONCE_BUF_LEN 512
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef cc_enclave_result_t (*uni_ra_report_verify_proc_t)(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+ cc_ra_verify_type_t type, char *basevalue);
+
typedef struct {
- uint8_t *uuid;
- uint32_t nonce_len;
- uint8_t nonce[MAX_NONCE_BUF_LEN];
- bool with_tcb;
-} gp_get_ra_report_input_t;
-
-cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in);
-cc_enclave_result_t gen_ra_report_in_buff(gp_get_ra_report_input_t *param, cc_ra_buf_t **json_buf);
-void print_ra_report(cc_ra_buf_t *report);
-void free_gp_ra_buf(cc_ra_buf_t *ra_buf);
+ uni_ra_report_verify_proc_t verify_ra_report;
+} uni_ra_verify_agent_t;
+
+void cc_register_ra_verify_agent(uni_ra_verify_agent_t *agent);
+
+#ifdef __cplusplus
+}
#endif
+#endif
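Review bot: `cc_register_ra_verify_agent` at L957 returns void, so a backend constructor that registers its agent cannot learn that a NULL agent or a NULL `verify_ra_report` was rejected, or that an earlier registration was silently replaced; returning `cc_enclave_result_t`, or at least documenting what happens when a second agent is registered, would make the contract explicit. The callback type at L940–L941 takes `report`, `nonce` and `basevalue` as mutable pointers although a verifier only reads them; `const` on those parameters would state that and let callers pass material they do not own. Neither the typedef nor the struct has a comment; a one-liner such as `/* Backend hook: verify a remote attestation report against nonce and basevalue; each backend registers its agent through cc_register_ra_verify_agent(). */` would help.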
diff --git a/component/remote_attest/sg_report_st.h b/component/remote_attest/sg_report_st.h
index 89ee25a..d15a7f9 100644
--- a/component/remote_attest/sg_report_st.h
+++ b/component/remote_attest/sg_report_st.h
@@ -14,20 +14,19 @@
#define SECGEAR_REPORT_STRUCT_H
#include <stdint.h>
+#include <stdbool.h>
#ifdef __cplusplus
extern "C" {
#endif
-typedef struct cc_ra_buf {
+typedef struct {
uint32_t len;
uint8_t *buf;
} cc_ra_buf_t;
typedef enum {
CC_RA_SCENARIO_NO_AS,
- // CC_RA_SCENARIO_AS_NO_DAA,
- // CC_RA_SCENARIO_AS_WITH_DAA
} cc_ra_scenario_t;
typedef enum {
@@ -36,6 +35,15 @@ typedef enum {
CC_RA_VERIFY_TYPE_MAX
} cc_ra_verify_type_t;
+#define MAX_NONCE_BUF_LEN 512
+typedef struct {
+ uint8_t *taid;
+ uint32_t nonce_len;
+ uint8_t nonce[MAX_NONCE_BUF_LEN];
+ bool with_tcb;
+ bool req_key;
+} cc_get_ra_report_input_t;
+
#ifdef __cplusplus
}
#endif
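Review bot: `cc_get_ra_report_input_t` at L989–L995 pairs a caller-supplied `nonce_len` with a fixed `nonce[MAX_NONCE_BUF_LEN]` and exposes `taid` as a bare pointer, but nothing in the header states that `nonce_len` is bounded by `MAX_NONCE_BUF_LEN` or how the length of `taid` is determined, so every consumer that copies `nonce_len` bytes has to guess the contract and add its own bound check. A short comment per field would pin it down: `uint32_t nonce_len;  /* valid bytes in nonce; must be <= MAX_NONCE_BUF_LEN, consumers reject larger values */`, `uint8_t *taid;  /* presumably the TA identifier; <length/format: document here> */` and `bool req_key;  /* <purpose: document here> */`. Moving `MAX_NONCE_BUF_LEN` from the removed helper header into this public header also makes it part of the API, which is worth stating in the commit message.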
diff --git a/inc/host_inc/enclave_internal.h b/inc/host_inc/enclave_internal.h
index a66d1a3..fa0cbf4 100644
--- a/inc/host_inc/enclave_internal.h
+++ b/inc/host_inc/enclave_internal.h
@@ -141,6 +141,7 @@ uint32_t check_node_exists_add(const struct list_ops_desc *node);
cc_enclave_result_t conversion_res_status(uint32_t enclave_res, enclave_type_version_t type_version);
+CC_API_SPEC bool is_support_remote_attest(cc_enclave_t *context);
# ifdef __cplusplus
}
# endif
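Review bot: The newly exported `is_support_remote_attest` at L1006 has no comment describing what "support" means or whether `context` may be NULL, and `CC_API_SPEC` makes it part of the public surface. A comment above the declaration such as `/* Returns true when the enclave behind context can produce remote attestation reports; currently only the GP backend (GP_ENCLAVE_TYPE_0) qualifies. Returns false for a NULL or not-yet-created context. */` would settle both, though the last clause only holds once the implementation gains a NULL check. The declaration uses `bool`; this chunk does not show the header's include list, so confirm `<stdbool.h>` is already included.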
diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
index ea7b93b..56f4da4 100644
--- a/inc/host_inc/status.h
+++ b/inc/host_inc/status.h
@@ -86,6 +86,9 @@ typedef enum _enclave_result_t
CC_ERROR_RA_REPORT_VERIFY_SIGNATURE,
CC_ERROR_RA_REPORT_VERIFY_HASH,
CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE,
+
+ CC_ERROR_REE_AGENT_NOT_INIT,
+ CC_ERROR_RA_VERIFY_AGENT_NOT_INIT,
/* secure channel */
CC_ERROR_SEC_CHL_INVALID_CONN, /* invalid connection */
CC_ERROR_SEC_CHL_LEN_NOT_ENOUGH, /* the buf length to store secure channle encrypt/decrypt is not enough */
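Review bot: Inserting `CC_ERROR_REE_AGENT_NOT_INIT` and `CC_ERROR_RA_VERIFY_AGENT_NOT_INIT` in the middle of the enum (L1019–L1020) shifts the numeric value of every secure-channel code that follows, up to the explicitly valued `CC_ERROR_OTRP_BASE`, and the hunk at L1028 shifts the ones after it by one more; if this enum crosses a shared-library boundary or its values are compared numerically by other components or log tooling, that is a silent ABI change. Appending the new codes at the end of the implicitly numbered run (just before `CC_ERROR_OTRP_BASE`, as the third hunk does) or giving them explicit values keeps the existing codes stable. The enclosing `enum _enclave_result_t` starts before the hunk.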
@@ -96,6 +99,7 @@ typedef enum _enclave_result_t
CC_ERROR_SEC_CHL_WAITING_RECV_MSG,
CC_ERROR_SEC_CHL_RECV_MSG_LEN_INVALID,
CC_ERROR_SEC_CHL_GET_SVR_PUBKEY,
+ CC_ERROR_SEC_CHL_PARSE_SVR_PUBKEY,
CC_ERROR_SEC_CHL_GET_PEER_EXCH_PARAM,
CC_ERROR_SEC_CHL_VERIFY_PEER_EXCH_BUF_SIGNATURE,
CC_ERROR_SEC_CHL_INVALID_EXCH_BUF,
@@ -110,6 +114,13 @@ typedef enum _enclave_result_t
CC_ERROR_SEC_CHL_SVR_INIT,
CC_ERROR_SEC_CHL_NOTREADY,
CC_ERROR_SEC_CHL_CLI_NUM_EXCEED_MAX_LIMIT, // client num exceed max limit
+ CC_ERROR_SEC_CHL_INIT_GET_TAID,
+ CC_ERROR_SEC_CHL_GET_RA_REPORT,
+ CC_ERROR_SEC_CHL_INIT_VERIFY_REPORT,
+ CC_ERROR_SEC_CHL_INVALID_REPORT,
+ CC_ERROR_SEC_CHL_ENCLAVE_UNSEAL_ENC_KEY,
+ CC_ERROR_SEC_CHL_INVALID_SESSION,
+ CC_ERROR_SEC_CHL_INIT_SESSEION,
CC_ERROR_OTRP_BASE = 0x80000100, /* sec file config source is not inconsistent with the loading mode. */
CC_ERROR_STORAGE_EIO = 0x80001001, /* *<安全存储I/O错误 */
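Review bot: `CC_ERROR_SEC_CHL_INIT_SESSEION` at L1042 is misspelled; once this header ships, renaming it breaks every consumer, so it should become `CC_ERROR_SEC_CHL_INIT_SESSION` before merge. None of the seven new secure-channel codes at L1036–L1042 carries the trailing comment some neighbouring entries use, and the names alone do not say which side detects them; for example `CC_ERROR_SEC_CHL_INVALID_REPORT,  /* peer's attestation report rejected during secure channel setup */`.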
diff --git a/src/host_src/enclave_internal.c b/src/host_src/enclave_internal.c
index abe121e..24fb95d 100644
--- a/src/host_src/enclave_internal.c
+++ b/src/host_src/enclave_internal.c
@@ -406,3 +406,13 @@ uint32_t check_node_exists_add(const struct list_ops_desc *node)
}
return res;
}
+
+bool is_support_remote_attest(cc_enclave_t *context)
+{
+ if (context->list_ops_node != NULL) {
+ if (context->list_ops_node->ops_desc->type_version == GP_ENCLAVE_TYPE_0) {
+ return true;
+ }
+ }
+ return false;
+}
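Review bot: `is_support_remote_attest` at L1054 dereferences `context` without a NULL check, and since enclave_internal.h exports it with `CC_API_SPEC`, a caller whose enclave has not been created (or whose creation failed) gets a crash instead of `false`; the guard also does not cover `ops_desc`, which may or may not be allowed to be NULL here — worth confirming. The body collapses to `if (context == NULL || context->list_ops_node == NULL) { return false; }` followed by `return context->list_ops_node->ops_desc->type_version == GP_ENCLAVE_TYPE_0;`. A one-line comment stating that only the GP backend currently supports remote attestation (the SGX verify agent added in this commit is a stub) would stop the next reader from treating the type check as a bug.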
diff --git a/thirdparty/base64url/b64/LICENSE b/thirdparty/base64url/b64/LICENSE
new file mode 100644
index 0000000..78b34d5
--- /dev/null
+++ b/thirdparty/base64url/b64/LICENSE
@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2014 Little Star Media, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/thirdparty/base64url/b64/README.md b/thirdparty/base64url/b64/README.md
new file mode 100644
index 0000000..0555c0d
--- /dev/null
+++ b/thirdparty/base64url/b64/README.md
@@ -0,0 +1,84 @@
+b64.c
+=====
+
+Base64 encode/decode
+
+## install
+
+```sh
+$ clib install jwerle/b64.c
+```
+
+## usage
+
+```c
+#include <b64/b64.h>
+```
+
+or
+
+```c
+#include <b64.h>
+```
+
+## example
+
+```c
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "b64.h"
+
+int
+main (void) {
+ unsigned char *str = "brian the monkey and bradley the kinkajou are friends";
+ char *enc = b64_encode(str, strlen(str));
+
+ printf("%s\n", enc); // YnJpYW4gdGhlIG1vbmtleSBhbmQgYnJhZGxleSB0aGUga2lua2Fqb3UgYXJlIGZyaWVuZHM=
+
+ char *dec = b64_decode(enc, strlen(enc));
+
+ printf("%s\n", dec); // brian the monkey and bradley the kinkajou are friends
+ free(enc);
+ free(dec);
+ return 0;
+}
+```
+
+## api
+
+Base64 index table
+
+```c
+
+static const char b64_table[] = {
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+ 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+ 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+ 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+ 'w', 'x', 'y', 'z', '0', '1', '2', '3',
+ '4', '5', '6', '7', '8', '9', '+', '/'
+};
+```
+
+Encode `unsigned char *` source with `size_t` size.
+Returns a `char *` base64 encoded string
+
+```c
+char *
+b64_encode (const unsigned char *, size_t);
+```
+
+Decode `char *` source with `size_t` size.
+Returns a `unsigned char *` base64 decoded string
+
+```c
+unsigned char *
+b64_decode (const char *, size_t);
+```
+
+## license
+
+MIT
diff --git a/thirdparty/base64url/b64/b64.h b/thirdparty/base64url/b64/b64.h
new file mode 100644
index 0000000..e39d746
--- /dev/null
+++ b/thirdparty/base64url/b64/b64.h
@@ -0,0 +1,84 @@
+
+/**
+ * `b64.h' - b64
+ *
+ * copyright (c) 2014 joseph werle
+ */
+
+#ifndef B64_H
+#define B64_H 1
+
+typedef struct b64_buffer {
+ char * ptr;
+ int bufc;
+} b64_buffer_t;
+
+/**
+ * Memory allocation functions to use. You can define b64_malloc and
+ * b64_realloc to custom functions if you want.
+ */
+
+#ifndef b64_malloc
+# define b64_malloc(ptr) malloc(ptr)
+#endif
+#ifndef b64_realloc
+# define b64_realloc(ptr, size) realloc(ptr, size)
+#endif
+
+ // How much memory to allocate per buffer
+#define B64_BUFFER_SIZE (1024 * 64) // 64K
+
+ // Start buffered memory
+int b64_buf_malloc(b64_buffer_t * buffer);
+
+// Update memory size. Returns the same pointer if we
+// have enough space in the buffer. Otherwise, we add
+// additional buffers.
+int b64_buf_realloc(b64_buffer_t * buffer, size_t size);
+
+/**
+ * Base64 index table.
+ */
+
+static const char b64_table[] = {
+ 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H',
+ 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P',
+ 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X',
+ 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f',
+ 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
+ 'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
+ 'w', 'x', 'y', 'z', '0', '1', '2', '3',
+ '4', '5', '6', '7', '8', '9', '+', '/'
+};
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Encode `unsigned char *' source with `size_t' size.
+ * Returns a `char *' base64 encoded string.
+ */
+
+char *
+b64_encode (const unsigned char *, size_t);
+
+/**
+ * Decode `char *' source with `size_t' size.
+ * Returns a `unsigned char *' base64 decoded string.
+ */
+unsigned char *
+b64_decode (const char *, size_t);
+
+/**
+ * Decode `char *' source with `size_t' size.
+ * Returns a `unsigned char *' base64 decoded string + size of decoded string.
+ */
+unsigned char *
+b64_decode_ex (const char *, size_t, size_t *);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/thirdparty/base64url/b64/buffer.c b/thirdparty/base64url/b64/buffer.c
new file mode 100644
index 0000000..708c882
--- /dev/null
+++ b/thirdparty/base64url/b64/buffer.c
@@ -0,0 +1,33 @@
+#include <stdlib.h>
+#include <ctype.h>
+#include "b64.h"
+
+#ifdef b64_USE_CUSTOM_MALLOC
+extern void* b64_malloc(size_t);
+#endif
+
+#ifdef b64_USE_CUSTOM_REALLOC
+extern void* b64_realloc(void*, size_t);
+#endif
+
+int b64_buf_malloc(b64_buffer_t * buf)
+{
+ buf->ptr = b64_malloc(B64_BUFFER_SIZE);
+ if(!buf->ptr) return -1;
+
+ buf->bufc = 1;
+
+ return 0;
+}
+
+int b64_buf_realloc(b64_buffer_t* buf, size_t size)
+{
+ if (size > (size_t)buf->bufc * B64_BUFFER_SIZE)
+ {
+ while (size > (size_t)buf->bufc * B64_BUFFER_SIZE) buf->bufc++;
+ buf->ptr = b64_realloc(buf->ptr, B64_BUFFER_SIZE * buf->bufc);
+ if (!buf->ptr) return -1;
+ }
+
+ return 0;
+}
diff --git a/thirdparty/base64url/b64/decode.c b/thirdparty/base64url/b64/decode.c
new file mode 100644
index 0000000..38093bb
--- /dev/null
+++ b/thirdparty/base64url/b64/decode.c
@@ -0,0 +1,117 @@
+
+/**
+ * `decode.c' - b64
+ *
+ * copyright (c) 2014 joseph werle
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include "b64.h"
+
+#ifdef b64_USE_CUSTOM_MALLOC
+extern void* b64_malloc(size_t);
+#endif
+
+#ifdef b64_USE_CUSTOM_REALLOC
+extern void* b64_realloc(void*, size_t);
+#endif
+
+unsigned char *
+b64_decode (const char *src, size_t len) {
+ return b64_decode_ex(src, len, NULL);
+}
+
+unsigned char *
+b64_decode_ex (const char *src, size_t len, size_t *decsize) {
+ int i = 0;
+ int j = 0;
+ int l = 0;
+ size_t size = 0;
+ b64_buffer_t decbuf;
+ unsigned char buf[3];
+ unsigned char tmp[4];
+
+ // alloc
+ if (b64_buf_malloc(&decbuf) == -1) { return NULL; }
+
+ // parse until end of source
+ while (len--) {
+ // break if char is `=' or not base64 char
+ if ('=' == src[j]) { break; }
+ if (!(isalnum(src[j]) || '+' == src[j] || '/' == src[j])) { break; }
+
+ // read up to 4 bytes at a time into `tmp'
+ tmp[i++] = src[j++];
+
+ // if 4 bytes read then decode into `buf'
+ if (4 == i) {
+ // translate values in `tmp' from table
+ for (i = 0; i < 4; ++i) {
+ // find translation char in `b64_table'
+ for (l = 0; l < 64; ++l) {
+ if (tmp[i] == b64_table[l]) {
+ tmp[i] = l;
+ break;
+ }
+ }
+ }
+
+ // decode
+ buf[0] = (tmp[0] << 2) + ((tmp[1] & 0x30) >> 4);
+ buf[1] = ((tmp[1] & 0xf) << 4) + ((tmp[2] & 0x3c) >> 2);
+ buf[2] = ((tmp[2] & 0x3) << 6) + tmp[3];
+
+ // write decoded buffer to `decbuf.ptr'
+ if (b64_buf_realloc(&decbuf, size + 3) == -1) return NULL;
+ for (i = 0; i < 3; ++i) {
+ ((unsigned char*)decbuf.ptr)[size++] = buf[i];
+ }
+
+ // reset
+ i = 0;
+ }
+ }
+
+ // remainder
+ if (i > 0) {
+ // fill `tmp' with `\0' at most 4 times
+ for (j = i; j < 4; ++j) {
+ tmp[j] = '\0';
+ }
+
+ // translate remainder
+ for (j = 0; j < 4; ++j) {
+ // find translation char in `b64_table'
+ for (l = 0; l < 64; ++l) {
+ if (tmp[j] == b64_table[l]) {
+ tmp[j] = l;
+ break;
+ }
+ }
+ }
+
+ // decode remainder
+ buf[0] = (tmp[0] << 2) + ((tmp[1] & 0x30) >> 4);
+ buf[1] = ((tmp[1] & 0xf) << 4) + ((tmp[2] & 0x3c) >> 2);
+ buf[2] = ((tmp[2] & 0x3) << 6) + tmp[3];
+
+ // write remainer decoded buffer to `decbuf.ptr'
+ if (b64_buf_realloc(&decbuf, size + (i - 1)) == -1) return NULL;
+ for (j = 0; (j < i - 1); ++j) {
+ ((unsigned char*)decbuf.ptr)[size++] = buf[j];
+ }
+ }
+
+ // Make sure we have enough space to add '\0' character at end.
+ if (b64_buf_realloc(&decbuf, size + 1) == -1) return NULL;
+ ((unsigned char*)decbuf.ptr)[size] = '\0';
+
+ // Return back the size of decoded string if demanded.
+ if (decsize != NULL) {
+ *decsize = size;
+ }
+
+ return (unsigned char*) decbuf.ptr;
+}
diff --git a/thirdparty/base64url/b64/encode.c b/thirdparty/base64url/b64/encode.c
new file mode 100644
index 0000000..68e7924
--- /dev/null
+++ b/thirdparty/base64url/b64/encode.c
@@ -0,0 +1,93 @@
+
+/**
+ * `encode.c' - b64
+ *
+ * copyright (c) 2014 joseph werle
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include "b64.h"
+
+#ifdef b64_USE_CUSTOM_MALLOC
+extern void* b64_malloc(size_t);
+#endif
+
+#ifdef b64_USE_CUSTOM_REALLOC
+extern void* b64_realloc(void*, size_t);
+#endif
+
+char *
+b64_encode (const unsigned char *src, size_t len) {
+ int i = 0;
+ int j = 0;
+ b64_buffer_t encbuf;
+ size_t size = 0;
+ unsigned char buf[4];
+ unsigned char tmp[3];
+
+ // alloc
+ if(b64_buf_malloc(&encbuf) == -1) { return NULL; }
+
+ // parse until end of source
+ while (len--) {
+ // read up to 3 bytes at a time into `tmp'
+ tmp[i++] = *(src++);
+
+ // if 3 bytes read then encode into `buf'
+ if (3 == i) {
+ buf[0] = (tmp[0] & 0xfc) >> 2;
+ buf[1] = ((tmp[0] & 0x03) << 4) + ((tmp[1] & 0xf0) >> 4);
+ buf[2] = ((tmp[1] & 0x0f) << 2) + ((tmp[2] & 0xc0) >> 6);
+ buf[3] = tmp[2] & 0x3f;
+
+ // allocate 4 new byts for `enc` and
+ // then translate each encoded buffer
+ // part by index from the base 64 index table
+ // into `encbuf.ptr' unsigned char array
+ if (b64_buf_realloc(&encbuf, size + 4) == -1) return NULL;
+
+ for (i = 0; i < 4; ++i) {
+ encbuf.ptr[size++] = b64_table[buf[i]];
+ }
+
+ // reset index
+ i = 0;
+ }
+ }
+
+ // remainder
+ if (i > 0) {
+ // fill `tmp' with `\0' at most 3 times
+ for (j = i; j < 3; ++j) {
+ tmp[j] = '\0';
+ }
+
+ // perform same codec as above
+ buf[0] = (tmp[0] & 0xfc) >> 2;
+ buf[1] = ((tmp[0] & 0x03) << 4) + ((tmp[1] & 0xf0) >> 4);
+ buf[2] = ((tmp[1] & 0x0f) << 2) + ((tmp[2] & 0xc0) >> 6);
+ buf[3] = tmp[2] & 0x3f;
+
+ // perform same write to `encbuf->ptr` with new allocation
+ for (j = 0; (j < i + 1); ++j) {
+ if (b64_buf_realloc(&encbuf, size + 1) == -1) return NULL;
+
+ encbuf.ptr[size++] = b64_table[buf[j]];
+ }
+
+ // while there is still a remainder
+ // append `=' to `encbuf.ptr'
+ while ((i++ < 3)) {
+ if (b64_buf_realloc(&encbuf, size + 1) == -1) return NULL;
+
+ encbuf.ptr[size++] = '=';
+ }
+ }
+
+ // Make sure we have enough space to add '\0' character at end.
+ if (b64_buf_realloc(&encbuf, size + 1) == -1) return NULL;
+ encbuf.ptr[size] = '\0';
+
+ return encbuf.ptr;
+}
diff --git a/thirdparty/base64url/b64/notes.md b/thirdparty/base64url/b64/notes.md
new file mode 100644
index 0000000..63d23ba
--- /dev/null
+++ b/thirdparty/base64url/b64/notes.md
@@ -0,0 +1,10 @@
+## b64.c
+
+### Download
+
+This library can be downloaded from address https://github.com/jwerle/b64.c.
+
+### Version
+
+The version of this library is **tag 0.1.0**.
+
diff --git a/thirdparty/base64url/base64url.c b/thirdparty/base64url/base64url.c
new file mode 100644
index 0000000..0cb5eb1
--- /dev/null
+++ b/thirdparty/base64url/base64url.c
@@ -0,0 +1,74 @@
+/*
+kunpengsecl licensed under the Mulan PSL v2.
+You can use this software according to the terms and conditions of
+the Mulan PSL v2. You may obtain a copy of Mulan PSL v2 at:
+ http://license.coscl.org.cn/MulanPSL2
+THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
+EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
+MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
+See the Mulan PSL v2 for more details.
+
+Author: leezhenxiang
+Create: 2022-11-04
+Description: ta authenticating module in kta.
+ 1. 2022-11-04 leezhenxiang
+ define the structures.
+*/
+#include "base64url.h"
+
+#include <string.h>
+#include <stdlib.h>
+#include "b64/b64.h"
+
+//Encode unsigned char source to base64url.
+//Neither of param source_len or dest_len include character '\0'.
+//Return the first address of encoded string. 【warning】caller need free return ptr
+char* kpsecl_base64urlencode(const uint8_t *source, size_t source_len, size_t *dest_len) {
+ char *dest = b64_encode(source, source_len);
+ *dest_len = strlen(dest);
+ //change "+" to "-", "/" to "_", remove "=".
+ for(int i = *(int *)dest_len; i >= 0; i--) {
+ if(*(dest + i) == '+')
+ *(dest + i) = '-';
+ else if(*(dest + i) == '/')
+ *(dest + i) = '_';
+ else if(*(dest + i) == '=')
+ *(dest + i) = *(dest + i + 1);
+ }
+ return dest;
+}
+
+//Decode base64url string source to unsigned char.
+//Neither of param source_len or dest_len include character '\0'.
+//Return the first address of decoded unsigned string. 【warning】caller need free return ptr
+uint8_t* kpsecl_base64urldecode(const char *source, size_t source_len, size_t *dest_len) {
+ //change "-" to "+", "_" to "/", add back "=".
+ size_t i = 0;
+ char *tail1 = "=";
+ char *tail2 = "==";
+ char *b64 = calloc(1, source_len + 3);
+ if (b64 == NULL) {
+ return NULL;
+ }
+ memcpy(b64, source, source_len);
+ for(i = 0; i < source_len; i++) {
+ if(*(b64 + i) == '-')
+ *(b64 + i) = '+';
+ else if(*(b64 + i) == '_')
+ *(b64 + i) = '/';
+ }
+ *(b64 + i) = '\0';
+ if(source_len % 4 == 2) {
+ strcat(b64, tail2);
+ *dest_len = (source_len + 2) / 4 * 3 - 2;
+ }
+ else if(source_len % 4 == 3) {
+ strcat(b64, tail1);
+ *dest_len = (source_len + 1) / 4 * 3 - 1;
+ }
+ else if(source_len % 4 == 0)
+ *dest_len = source_len / 4 * 3;
+ uint8_t *dest = b64_decode(b64, strlen(b64));
+ free(b64);
+ return dest;
+}
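Review bot: `kpsecl_base64urlencode` reports a stale length and `kpsecl_base64urldecode` can return a length that does not match the buffer, which matters because both handle attestation material received from the other side of the channel. In the encoder, `*dest_len` is taken from `strlen(dest)` before the loop at L1583–L1590 strips the `=` padding, so callers see a length one or two bytes past the string; that loop also reads `*dest_len` through `*(int *)`, which depends on the size_t/int layout, and `b64_encode` can return NULL (it does on allocation failure) but the result goes straight into `strlen`. In the decoder, `*dest_len` is derived from `source_len` and left unset when `source_len % 4 == 1`, while the vendored decoder returns NULL on allocation failure and stops at the first non-base64 character (L1357–L1358), so the buffer can be shorter than the reported length; `b64_decode_ex` already returns the number of bytes actually written and should be used instead, with the `% 4 == 1` case rejected up front. The rewritten lines below keep both signatures and the caller-frees contract.
```c
char* kpsecl_base64urlencode(const uint8_t *source, size_t source_len, size_t *dest_len) {
    char *dest = b64_encode(source, source_len);
    if (dest == NULL) {
        return NULL;
    }
    size_t len = strlen(dest);
    // change "+" to "-", "/" to "_"; padding is removed by truncating at the first '='
    for (size_t i = 0; i < len; i++) {
        if (dest[i] == '+') {
            dest[i] = '-';
        } else if (dest[i] == '/') {
            dest[i] = '_';
        } else if (dest[i] == '=') {
            dest[i] = '\0';
            len = i;
            break;
        }
    }
    *dest_len = len;
    return dest;
}

uint8_t* kpsecl_base64urldecode(const char *source, size_t source_len, size_t *dest_len) {
    // a length of 4k+1 cannot come from a valid encoder: reject instead of leaving *dest_len unset
    if (source_len % 4 == 1) {
        return NULL;
    }
    // … unchanged: calloc, copy and '-'/'_' translation …
    // … unchanged: padding restored with "=" / "==" …
    // report the bytes the decoder actually produced instead of a value derived from source_len
    uint8_t *dest = b64_decode_ex(b64, strlen(b64), dest_len);
    free(b64);
    return dest;
}
```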
diff --git a/thirdparty/base64url/base64url.h b/thirdparty/base64url/base64url.h
new file mode 100644
index 0000000..404621c
--- /dev/null
+++ b/thirdparty/base64url/base64url.h
@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#ifndef SECGEAR_BASE64URL_H
+#define SECGEAR_BASE64URL_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+// warning, caller need free return ptr
+char* kpsecl_base64urlencode(const uint8_t *source, size_t source_len, size_t *dest_len);
+
+// warning, caller need free return ptr
+uint8_t* kpsecl_base64urldecode(const char *source, size_t source_len, size_t *dest_len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
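Review bot: The comments at L1655 and L1658 say the caller must free the result but not that either function can return NULL (the underlying encoder and decoder return NULL on allocation failure) or that `*dest_len` must not be relied on in that case, so a caller has to read the implementation to handle the failure path. Replace each with a contract line such as `// Returns a heap buffer the caller releases with free(); NULL on failure, in which case *dest_len is not valid. source_len and *dest_len exclude the trailing '\0'.`. If decode is meant to reject malformed input, say so here too.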
diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
index f150aed..c567423 100755
--- a/tools/sign_tool/sign_tool.sh
+++ b/tools/sign_tool/sign_tool.sh
@@ -122,8 +122,8 @@ itrustee_start_sign() {
cp ${IN_ENCLAVE} ${IN_PATH}/libcombine.so
OUT_PATH=$(dirname ${OUT_FILE})
echo ${IN_PATH} ${OUT_PATH}
- python -B ${signtoolpath}/signtool_v3.py ${IN_PATH} ${OUT_PATH} --privateCfg ${A_CONFIG_FILE}
- #rm -rf ${IN_PATH}/libcombine.so
+ python3 -B ${signtoolpath}/signtool_v3.py ${IN_PATH} ${OUT_PATH} --privateCfg ${A_CONFIG_FILE}
+ rm -rf ${IN_PATH}/libcombine.so
else
echo "Error: illegal command"
fi
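Review bot: The re-enabled `rm -rf ${IN_PATH}/libcombine.so` at L1677 runs regardless of whether the `python3` signing step succeeded, and both lines expand `${IN_PATH}`, `${OUT_PATH}` and `${A_CONFIG_FILE}` unquoted, so a path containing whitespace is split into several arguments — for `rm -rf` that means deleting something other than the intended file (the `cp` context line above has the same shape). Checking the signing tool's exit status before cleaning up and quoting the expansions is enough: `python3 -B "${signtoolpath}/signtool_v3.py" "${IN_PATH}" "${OUT_PATH}" --privateCfg "${A_CONFIG_FILE}" || return 1` (or `exit 1`, depending on how the caller handles the status) followed by `rm -f "${IN_PATH}/libcombine.so"`, since the target is a single file and `-r` is not needed. The enclosing `itrustee_start_sign` function starts before the hunk.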
--
2.33.0