From 907b34fa937eb6e41f25ebff23db88956842c635 Mon Sep 17 00:00:00 2001
From: houmingyong <houmingyong@huawei.com>
Date: Sat, 27 May 2023 15:29:01 +0800
Subject: [PATCH] some code optimize
---
.../remote_attest/ra_report/CMakeLists.txt | 2 --
.../remote_attest/ra_report/gp_ra_report.c | 11 +++----
.../remote_attest/ra_report/gp_ra_report.h | 24 ---------------
.../remote_attest/ra_report/sgx_ra_report.c | 10 +++----
.../remote_attest/ra_report/sgx_ra_report.h | 24 ---------------
.../remote_attest/ra_verify/CMakeLists.txt | 3 --
.../ra_verify/gp_ra_report_verify.c | 11 +++----
.../ra_verify/gp_ra_report_verify.h | 30 -------------------
.../ra_verify/sgx_ra_report_verify.c | 9 ++----
.../ra_verify/sgx_ra_report_verify.h | 30 -------------------
examples/secure_channel/client/CMakeLists.txt | 6 +++-
.../client_with_recv_thread/CMakeLists.txt | 5 +++-
.../client_with_recv_thread/client.c | 3 +-
13 files changed, 26 insertions(+), 142 deletions(-)
delete mode 100644 component/remote_attest/ra_report/gp_ra_report.h
delete mode 100644 component/remote_attest/ra_report/sgx_ra_report.h
delete mode 100644 component/remote_attest/ra_verify/gp_ra_report_verify.h
delete mode 100644 component/remote_attest/ra_verify/sgx_ra_report_verify.h
diff --git a/component/remote_attest/ra_report/CMakeLists.txt b/component/remote_attest/ra_report/CMakeLists.txt
index 548e786..2f00dc7 100644
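--- a/component/remote_attest/ra_report/CMakeLists.txt
+++ b/component/remote_attest/ra_report/CMakeLists.txt
@@ -45,5 +45,3 @@ install(TARGETS ${TARGET}
 LIBRARY
 DESTINATION ${LIBRARY_INSTALL}
 PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-
-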
diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c
index 978127a..4625cd3 100644
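--- a/component/remote_attest/ra_report/gp_ra_report.c
+++ b/component/remote_attest/ra_report/gp_ra_report.c
@@ -9,9 +9,6 @@
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
-
-#include "gp_ra_report.h"
-
 #include <stdlib.h>
 #include <string.h>
 #include "ra_client_api.h"
@@ -171,7 +168,7 @@ static cc_enclave_result_t gp_ra_provision_no_as()
 return CC_SUCCESS;
 }
 
-cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
+static cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
 {
 cc_enclave_result_t ret = CC_SUCCESS;
 switch (scenario) {
@@ -184,7 +181,7 @@ cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario)
 return ret;
 }
 
-cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+static cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
 {
 cc_ra_buf_t *ra_buf_in = NULL;
 cc_enclave_result_t ret = gen_ra_report_in_buff(in, &ra_buf_in);
@@ -203,12 +200,12 @@ cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *
 return CC_SUCCESS;
 }
 
-uni_ree_agent_t g_gp_agent = {
+static uni_ree_agent_t g_gp_agent = {
 .tee_type = CC_TEE_TYPE_GP,
 .prepare_ra_env = gp_prepare_ra_env,
 .get_ra_report = gp_get_ra_report,
 };
-static __attribute__((constructor)) void gp_register_ree_agent()
+static __attribute__((constructor)) void gp_register_ree_agent(void)
 {
 cc_register_ree_agent(&g_gp_agent);
 }
\ No newline at end of file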
diff --git a/component/remote_attest/ra_report/gp_ra_report.h b/component/remote_attest/ra_report/gp_ra_report.h
deleted file mode 100644
index ed58bb0..0000000
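--- a/component/remote_attest/ra_report/gp_ra_report.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#ifndef SECGEAR_GP_RA_REPORT_H
-#define SECGEAR_GP_RA_REPORT_H
-
-#include "status.h"
-#include "sg_report_st.h"
-
-cc_enclave_result_t gp_prepare_ra_env(cc_ra_scenario_t scenario);
-
-cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
-
-#endif
-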
diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/component/remote_attest/ra_report/sgx_ra_report.c
index 8d02fc3..6bd0bdc 100644
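--- a/component/remote_attest/ra_report/sgx_ra_report.c
+++ b/component/remote_attest/ra_report/sgx_ra_report.c
@@ -9,17 +9,15 @@
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
-
-#include "sgx_ra_report.h"
 #include "uni_ree_agent.h"
 
-cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
+static cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
 {
 (void)scenario;
 return CC_SUCCESS;
 }
 
-cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
+static cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
 {
 (void)in;
 (void)report;
@@ -27,12 +25,12 @@ cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t
 return CC_SUCCESS;
 }
 
-uni_ree_agent_t g_sgx_agent = {
+static uni_ree_agent_t g_sgx_agent = {
 .tee_type = CC_TEE_TYPE_SGX,
 .prepare_ra_env = sgx_prepare_ra_env,
 .get_ra_report = sgx_get_ra_report,
 };
-static __attribute__((constructor)) void sgx_register_ree_agent()
+static __attribute__((constructor)) void sgx_register_ree_agent(void)
 {
 cc_register_ree_agent(&g_sgx_agent);
 }
\ No newline at end of file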
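Review bot: `sgx_get_ra_report` discards both `in` and `report` and, as far as the two hunks show, returns `CC_SUCCESS`, so a caller of the registered `get_ra_report` hook is told a report was produced when `report` was never written. The same pattern is more serious in `sgx_verify_report` in sgx_ra_report_verify.c, where the registered `verify_ra_report` hook returns `CC_SUCCESS` after discarding the report, which would make attestation verification fail open on SGX builds. Until the SGX path is implemented, both stubs should return an error value from `cc_enclave_result_t` and carry a comment such as `/* SGX remote attestation not implemented: fail closed */`. One line of `sgx_get_ra_report` and three lines of `sgx_verify_report` fall between the hunks and are not visible here.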
diff --git a/component/remote_attest/ra_report/sgx_ra_report.h b/component/remote_attest/ra_report/sgx_ra_report.h
deleted file mode 100644
index d9a33cc..0000000
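--- a/component/remote_attest/ra_report/sgx_ra_report.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#ifndef SECGEAR_SGX_RA_REPORT_H
-#define SECGEAR_SGX_RA_REPORT_H
-
-#include "status.h"
-#include "sg_report_st.h"
-
-cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario);
-
-cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report);
-
-#endif
-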
diff --git a/component/remote_attest/ra_verify/CMakeLists.txt b/component/remote_attest/ra_verify/CMakeLists.txt
index 53707b1..54b2eca 100644
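--- a/component/remote_attest/ra_verify/CMakeLists.txt
+++ b/component/remote_attest/ra_verify/CMakeLists.txt
@@ -31,7 +31,6 @@ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
 endif()
 
 include_directories(
- ${CMAKE_CURRENT_BINARY_DIR}
 ${CMAKE_CURRENT_SOURCE_DIR}
 ${CMAKE_CURRENT_SOURCE_DIR}/..
 ${LOCAL_ROOT_PATH}/inc/host_inc
@@ -49,5 +48,3 @@ install(TARGETS ${TARGET}
 LIBRARY
 DESTINATION ${LIBRARY_INSTALL}
 PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
-
-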
diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.c b/component/remote_attest/ra_verify/gp_ra_report_verify.c
index 76debb4..f74c2ea 100644
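--- a/component/remote_attest/ra_verify/gp_ra_report_verify.c
+++ b/component/remote_attest/ra_verify/gp_ra_report_verify.c
@@ -9,15 +9,12 @@
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
-
-#include "gp_ra_report_verify.h"
-
 #include "teeverifier.h"
 #include "enclave_log.h"
 
 #include "uni_ra_verify_agent.h"
 
-int convert_cctype_to_gptype(cc_ra_verify_type_t type)
+static int convert_cctype_to_gptype(cc_ra_verify_type_t type)
 {
 // gp type, 1: compare image hash; 2: compare mem hash; 3: compare image and mem hash
 if (type == CC_RA_VERIFY_TYPE_LOOSE) {
@@ -29,7 +26,7 @@ int convert_cctype_to_gptype(cc_ra_verify_type_t type)
 }
 }
 
-cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+static cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
 cc_ra_verify_type_t type, char *basevalue)
 {
 int gp_type = convert_cctype_to_gptype(type);
@@ -52,10 +49,10 @@ cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
 return ret;
 }
 
-uni_ra_verify_agent_t g_gp_ra_verify_agent = {
+static uni_ra_verify_agent_t g_gp_ra_verify_agent = {
 .verify_ra_report = gp_verify_report,
 };
-static __attribute__((constructor)) void gp_register_ra_agent()
+static __attribute__((constructor)) void gp_register_ra_agent(void)
 {
 cc_register_ra_verify_agent(&g_gp_ra_verify_agent);
 }
\ No newline at end of file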
diff --git a/component/remote_attest/ra_verify/gp_ra_report_verify.h b/component/remote_attest/ra_verify/gp_ra_report_verify.h
deleted file mode 100644
index 68a7c38..0000000
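--- a/component/remote_attest/ra_verify/gp_ra_report_verify.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#ifndef SECGEAR_GP_RA_REPORT_VERIFY_H
-#define SECGEAR_GP_RA_REPORT_VERIFY_H
-
-#include "status.h"
-#include "sg_report_st.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-cc_enclave_result_t gp_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
- cc_ra_verify_type_t type, char *basevalue);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif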
diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.c b/component/remote_attest/ra_verify/sgx_ra_report_verify.c
index 0e2e81f..e2472a3 100644
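--- a/component/remote_attest/ra_verify/sgx_ra_report_verify.c
+++ b/component/remote_attest/ra_verify/sgx_ra_report_verify.c
@@ -9,12 +9,9 @@
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
-
-#include "sgx_ra_report_verify.h"
-
 #include "uni_ra_verify_agent.h"
 
-cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
+static cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
 cc_ra_verify_type_t type, char *basevalue)
 {
 (void)report;
@@ -24,10 +21,10 @@ cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
 return CC_SUCCESS;
 }
 
-uni_ra_verify_agent_t g_sgx_ra_verify_agent = {
+static uni_ra_verify_agent_t g_sgx_ra_verify_agent = {
 .verify_ra_report = sgx_verify_report,
 };
-static __attribute__((constructor)) void gp_register_ra_agent()
+static __attribute__((constructor)) void gp_register_ra_agent(void)
 {
 cc_register_ra_verify_agent(&g_sgx_ra_verify_agent);
 }
\ No newline at end of file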
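Review bot: The constructor in this SGX file is still named `gp_register_ra_agent`, the same name used in gp_ra_report_verify.c; the duplicate is harmless for linking because both are `static`, but it misleads anyone tracing which verify agent a build registers. Rename it on the line the commit already touches: `static __attribute__((constructor)) void sgx_register_ra_agent(void)`. The file also still ends without a trailing newline, as do the other three .c files changed under remote_attest.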
diff --git a/component/remote_attest/ra_verify/sgx_ra_report_verify.h b/component/remote_attest/ra_verify/sgx_ra_report_verify.h
deleted file mode 100644
index 773f484..0000000
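--- a/component/remote_attest/ra_verify/sgx_ra_report_verify.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/*
- * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
- * secGear is licensed under the Mulan PSL v2.
- * You can use this software according to the terms and conditions of the Mulan PSL v2.
- * You may obtain a copy of Mulan PSL v2 at:
- * http://license.coscl.org.cn/MulanPSL2
- * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
- * PURPOSE.
- * See the Mulan PSL v2 for more details.
- */
-
-#ifndef SECGEAR_SGX_RA_REPORT_VERIFY_H
-#define SECGEAR_SGX_RA_REPORT_VERIFY_H
-
-#include "status.h"
-#include "sg_report_st.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
- cc_ra_verify_type_t type, char *basevalue);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif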
diff --git a/examples/secure_channel/client/CMakeLists.txt b/examples/secure_channel/client/CMakeLists.txt
index 4c05022..ea8f079 100644
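--- a/examples/secure_channel/client/CMakeLists.txt
+++ b/examples/secure_channel/client/CMakeLists.txt
@@ -15,7 +15,11 @@ target_include_directories(${OUTPUT} PRIVATE
 if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
 target_link_directories(${OUTPUT} PRIVATE /usr/lib64 /usr/local/lib)
 endif()
-target_link_libraries(${OUTPUT} pthread csecure_channel)
+if (CC_GP)
+ set(THIRDPARTY_VERIFY teeverifier)
+endif()
+
+target_link_libraries(${OUTPUT} pthread csecure_channel ${THIRDPARTY_VERIFY})
 
 set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
 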
diff --git a/examples/secure_channel/client_with_recv_thread/CMakeLists.txt b/examples/secure_channel/client_with_recv_thread/CMakeLists.txt
index 63f2c78..1e27d72 100644
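--- a/examples/secure_channel/client_with_recv_thread/CMakeLists.txt
+++ b/examples/secure_channel/client_with_recv_thread/CMakeLists.txt
@@ -15,7 +15,10 @@ target_include_directories(${OUTPUT} PRIVATE
 if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
 target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
 endif()
-target_link_libraries(${OUTPUT} pthread csecure_channel)
+if (CC_GP)
+ set(THIRDPARTY_VERIFY teeverifier)
+endif()
+target_link_libraries(${OUTPUT} pthread csecure_channel ${THIRDPARTY_VERIFY})
 
 set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
 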
diff --git a/examples/secure_channel/client_with_recv_thread/client.c b/examples/secure_channel/client_with_recv_thread/client.c
index 52ebc10..db142bb 100644
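--- a/examples/secure_channel/client_with_recv_thread/client.c
+++ b/examples/secure_channel/client_with_recv_thread/client.c
@@ -10,7 +10,7 @@
 #include "secure_channel_client.h"
 
 
-#define MAXBUF 1024
+#define MAXBUF 12800
 cc_sec_chl_ctx_t g_ctx = {0};
 
 void *recv_msg_thread(void *arg)
@@ -87,6 +87,7 @@ int main(int argc, char **argv)
 // step1: 初始化安全通道客户端,注册消息发送函数
 g_ctx.conn_kit.send = (void *)socket_write_adpt;
 g_ctx.conn_kit.conn = &sockfd;
+ g_ctx.basevalue = "/vendor/bin/basevalue.txt"; // content format:taid image_hash mem_hash
 
 // step2: 创建消息接收线程
 pthread_t thread;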
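Review bot: The added `g_ctx.basevalue = "/vendor/bin/basevalue.txt";` hard-codes the file that, per its own comment, holds the taid, image hash and memory hash — presumably the reference values the enclave's report is compared against, so whoever can write that path decides which enclave the client accepts. The example should take the path from the command line or a named macro, and the comment should state that the file must be owned by a trusted account and not writable by others, e.g. `// baseline measurements (taid image_hash mem_hash); integrity-critical, keep read-only`. `MAXBUF` is also raised from 1024 to 12800 with no comment on which message size requires it; a one-line reason next to the define would help. `main` continues outside the hunk, so whether a missing or unreadable base value file is reported is not visible here.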
--
2.33.0