secGear/0065-optimize-name-ree-agent-to-ra-agent.patch
2023-09-18 11:13:44 +08:00


From 9ae8329b203d7d64b18958b79c8ce21ef46f8baf Mon Sep 17 00:00:00 2001
From: houmingyong <houmingyong@huawei.com>
Date: Thu, 1 Jun 2023 19:28:26 +0800
Subject: [PATCH] optimize name ree agent to ra agent
---
component/local_attest/sg_local_attest.h | 14 +++++++++++++
.../remote_attest/ra_report/gp_ra_report.c | 8 ++++----
.../remote_attest/ra_report/sg_ra_report.c | 20 +++++++++----------
.../remote_attest/ra_report/sg_ra_report.h | 13 +++++++++---
.../remote_attest/ra_report/sgx_ra_report.c | 8 ++++----
.../{uni_ree_agent.h => uni_ra_agent.h} | 8 ++++----
.../ra_verify/sg_ra_report_verify.h | 15 +++++++++++++-
.../client/secure_channel_client.h | 3 +++
inc/host_inc/status.h | 2 +-
9 files changed, 64 insertions(+), 27 deletions(-)
rename component/remote_attest/ra_report/{uni_ree_agent.h => uni_ra_agent.h} (89%)
diff --git a/component/local_attest/sg_local_attest.h b/component/local_attest/sg_local_attest.h
index 97f31ef..e615073 100644
--- a/component/local_attest/sg_local_attest.h
+++ b/component/local_attest/sg_local_attest.h
@@ -20,6 +20,20 @@
extern "C" {
#endif
+/**
+* [host TEE API] get and verify local attestation report by TA
+* [NOTICE] before calling cc_local_attest, the attestation service
+* need to be initialized by cc_prepare_ra_env, otherwise get report error
+*
+* @param[in] taid, the unique ID stirng of target TA
+*
+* @param[in] img_hash, the static image measure of target TA
+*
+* @param[in] mem_hash, the static memory measure of target TA
+*
+* @retval, On success, return 0.
+* On error, cc_enclave_result_t errorno is returned.
+*/
CC_API_SPEC cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash);
#ifdef __cplusplus
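Review bot: The new comment documents `taid`, `img_hash` and `mem_hash` as `[in]`, but the signature on the context line below takes them as non-const `char *`, so the header promises less than the comment does. If the implementation only reads them, `CC_API_SPEC cc_enclave_result_t cc_local_attest(const char *taid, const char *img_hash, const char *mem_hash);` lets the compiler enforce what the comment states; the same applies to the pointer parameters of `cc_verify_report` in the sg_ra_report_verify.h hunk. Two wording fixes in the added text: `stirng` → `string`, and `errorno` → `error code` (the same spelling recurs in the other new comments). The comment should also say in which encoding and length the two measurement strings are expected, since the declaration alone does not show it.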
diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c
index ca1fa03..29c6a6a 100644
--- a/component/remote_attest/ra_report/gp_ra_report.c
+++ b/component/remote_attest/ra_report/gp_ra_report.c
@@ -13,7 +13,7 @@
#include <string.h>
#include "ra_client_api.h"
#include "enclave_log.h"
-#include "uni_ree_agent.h"
+#include "uni_ra_agent.h"
#include "gp_report_helper.h"
#define PROVISION_OUT_LEN 0x3000
@@ -71,12 +71,12 @@ static cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_
return CC_SUCCESS;
}
-static uni_ree_agent_t g_gp_agent = {
+static uni_ra_agent_t g_gp_agent = {
.tee_type = CC_TEE_TYPE_GP,
.prepare_ra_env = gp_prepare_ra_env,
.get_ra_report = gp_get_ra_report,
};
-static __attribute__((constructor)) void gp_register_ree_agent(void)
+static __attribute__((constructor)) void gp_register_ra_agent(void)
{
- cc_register_ree_agent(&g_gp_agent);
+ cc_register_ra_agent(&g_gp_agent);
}
\ No newline at end of file
diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/component/remote_attest/ra_report/sg_ra_report.c
index 21ad417..20eba26 100644
--- a/component/remote_attest/ra_report/sg_ra_report.c
+++ b/component/remote_attest/ra_report/sg_ra_report.c
@@ -10,15 +10,15 @@
* See the Mulan PSL v2 for more details.
*/
#include "sg_ra_report.h"
-#include "uni_ree_agent.h"
+#include "uni_ra_agent.h"
-static uni_ree_agent_t *g_ree_agent = NULL;
+static uni_ra_agent_t *g_ra_agent = NULL;
cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario)
{
- if (g_ree_agent == NULL) {
- return CC_ERROR_REE_AGENT_NOT_INIT;
+ if (g_ra_agent == NULL) {
+ return CC_ERROR_RA_AGENT_NOT_INIT;
}
- return g_ree_agent->prepare_ra_env(scenario);
+ return g_ra_agent->prepare_ra_env(scenario);
}
cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
@@ -26,13 +26,13 @@ cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *
if (in == NULL || in->taid == NULL || report == NULL || report->buf == NULL) {
return CC_ERROR_BAD_PARAMETERS;
}
- if (g_ree_agent == NULL) {
- return CC_ERROR_REE_AGENT_NOT_INIT;
+ if (g_ra_agent == NULL) {
+ return CC_ERROR_RA_AGENT_NOT_INIT;
}
- return g_ree_agent->get_ra_report(in, report);
+ return g_ra_agent->get_ra_report(in, report);
}
-void cc_register_ree_agent(uni_ree_agent_t *agent)
+void cc_register_ra_agent(uni_ra_agent_t *agent)
{
- g_ree_agent = agent;
+ g_ra_agent = agent;
}
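Review bot: `cc_register_ra_agent` overwrites `g_ra_agent` unconditionally, so when more than one backend object is linked (gp_ra_report.c and sgx_ra_report.c each register from a constructor in this patch) the last constructor to run silently wins and the earlier agent is lost without any diagnostic. Either the "last registration wins" contract should be documented on the declaration in uni_ra_agent.h, or the setter should refuse a silent replacement, e.g. `if (agent == NULL || g_ra_agent != NULL) { return; }` with a log line in the rejected branch, if first-wins is the intended policy. The constructors run before `main`, so no caller can observe which agent was kept otherwise. The function is fully contained in this hunk.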
diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/component/remote_attest/ra_report/sg_ra_report.h
index f3294c5..0d0d44f 100644
--- a/component/remote_attest/ra_report/sg_ra_report.h
+++ b/component/remote_attest/ra_report/sg_ra_report.h
@@ -21,15 +21,22 @@
#ifdef __cplusplus
extern "C" {
#endif
-
+/**
+* [host REE API] prepare attest environment before get report by attestation service
+*
+* @param[in] scenario, the scenario of attestation service
+*
+* @retval, On success, return 0.
+* On error, cc_enclave_result_t errorno is returned.
+*/
CC_API_SPEC cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario);
/**
-* get remote attestation report
+* [host REE API] get remote attestation report by attestation service
*
* @param[in] in, bytes of input
*
-* @param[out] report, remote attestion report, 0x3000 =< len < 0x100000
+* @param[in/out] report, remote attestion report, 0x3000 =< report->len < 0x100000
*
* @retval, On success, return 0.
* On error, cc_enclave_result_t errorno is returned.
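Review bot: The rewritten `report` line reads `0x3000 =< report->len`; the operator should be `<=` and `attestion` should be `attestation`: `* @param[in/out] report, remote attestation report, 0x3000 <= report->len < 0x100000`. The bound documented here is not checked by `cc_get_ra_report` in the sg_ra_report.c hunk, which only rejects NULL `in`, `in->taid`, `report` and `report->buf`; if the backend agents do not enforce it either, an out-of-range `report->len` reaches them unchecked, so the check or a reference to where it happens belongs here. Since `report` is now `[in/out]`, the comment should also state what `report->len` holds on return (presumably the number of bytes written), which callers need to consume the buffer.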
diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/component/remote_attest/ra_report/sgx_ra_report.c
index 6bd0bdc..d63474e 100644
--- a/component/remote_attest/ra_report/sgx_ra_report.c
+++ b/component/remote_attest/ra_report/sgx_ra_report.c
@@ -9,7 +9,7 @@
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/
-#include "uni_ree_agent.h"
+#include "uni_ra_agent.h"
static cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
{
@@ -25,12 +25,12 @@ static cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra
return CC_SUCCESS;
}
-static uni_ree_agent_t g_sgx_agent = {
+static uni_ra_agent_t g_sgx_agent = {
.tee_type = CC_TEE_TYPE_SGX,
.prepare_ra_env = sgx_prepare_ra_env,
.get_ra_report = sgx_get_ra_report,
};
-static __attribute__((constructor)) void sgx_register_ree_agent(void)
+static __attribute__((constructor)) void sgx_register_ra_agent(void)
{
- cc_register_ree_agent(&g_sgx_agent);
+ cc_register_ra_agent(&g_sgx_agent);
}
\ No newline at end of file
diff --git a/component/remote_attest/ra_report/uni_ree_agent.h b/component/remote_attest/ra_report/uni_ra_agent.h
similarity index 89%
rename from component/remote_attest/ra_report/uni_ree_agent.h
rename to component/remote_attest/ra_report/uni_ra_agent.h
index 65a46d1..0801ab9 100644
--- a/component/remote_attest/ra_report/uni_ree_agent.h
+++ b/component/remote_attest/ra_report/uni_ra_agent.h
@@ -10,8 +10,8 @@
* See the Mulan PSL v2 for more details.
*/
-#ifndef SECGEAR_UNI_REE_AGENT_H
-#define SECGEAR_UNI_REE_AGENT_H
+#ifndef SECGEAR_UNI_RA_AGENT_H
+#define SECGEAR_UNI_RA_AGENT_H
#include <stdint.h>
#include "status.h"
@@ -33,9 +33,9 @@ typedef struct {
cc_tee_type_t tee_type;
uni_prepare_ra_env_proc_t prepare_ra_env;
uni_get_ra_report_proc_t get_ra_report;
-} uni_ree_agent_t;
+} uni_ra_agent_t;
-void cc_register_ree_agent(uni_ree_agent_t *agent);
+void cc_register_ra_agent(uni_ra_agent_t *agent);
#ifdef __cplusplus
}
diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/component/remote_attest/ra_verify/sg_ra_report_verify.h
index b566cef..e5da876 100644
--- a/component/remote_attest/ra_verify/sg_ra_report_verify.h
+++ b/component/remote_attest/ra_verify/sg_ra_report_verify.h
@@ -20,7 +20,20 @@
#ifdef __cplusplus
extern "C" {
#endif
-
+/**
+* [verifier API] verify remote attestation report by verifier
+*
+* @param[in] report, the report of target TA
+*
+* @param[in] nonce, the nonce generated when get report
+*
+* @param[in] type, the mode of verify report
+*
+* @param[in] basevalue, the basevalue file path of target TA,
+*
+* @retval, On success, return 0.
+* On error, cc_enclave_result_t errorno is returned.
+*/
CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
cc_ra_verify_type_t type, char *basevalue);
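Review bot: The new `basevalue` entry ends with a dangling comma and does not say whether the argument may be NULL or which `cc_ra_verify_type_t` values actually consult it; since the verifier reads a file from this path, callers need that contract. Suggest `* @param[in] basevalue, path of the basevalue file of the target TA; required for <modes that use it>, may be NULL otherwise` with the mode list filled in from the implementation, which is outside this hunk. Likewise `nonce` should state that it must be the same value the caller supplied when the report was requested, as the comment's "generated when get report" leaves the direction ambiguous.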
diff --git a/component/secure_channel/client/secure_channel_client.h b/component/secure_channel/client/secure_channel_client.h
index e2d0b7e..2f5c13d 100644
--- a/component/secure_channel/client/secure_channel_client.h
+++ b/component/secure_channel/client/secure_channel_client.h
@@ -55,11 +55,14 @@ typedef enum {
/**
* secure channel init function
+* [Warning] because TA report is big, the conn_kit must have bigger read buffer
+* to carry secure channel msg(>=12320bytes).
*
* @param[in] algo, The algorithm suite of secure channel
*
* @param[in/out] ctx, The pointer of secure channel context
* input need init conn_kit;
+* input need init basevalue; the secure channel server's TA basevalue, generated by sign TA
* output session_id and cc_sec_chl_handle_t
*
* @retval, On success, return 0. generate session_key between client and enclave.
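Review bot: The added warning gives the minimum read buffer size only as prose (`>=12320bytes`), so nothing ties a caller's `conn_kit` allocation to that value and it will drift silently if the TA report size changes. Exposing it as a named constant in this header (name illustrative, e.g. `CC_SEC_CHL_MIN_READ_BUF_LEN`) and citing that name in the comment lets callers size the buffer from the API instead of from a number in a comment. The new `basevalue` line should also say where the value must come from: it appears to be the measurement the client trusts when checking the server TA, so it has to be provisioned out-of-band from a trusted source rather than obtained from the peer — hedged, since the verification path is not in this hunk. The doc comment continues past the end of the hunk.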
diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h
index 0ecb243..7a7920b 100644
--- a/inc/host_inc/status.h
+++ b/inc/host_inc/status.h
@@ -87,7 +87,7 @@ typedef enum _enclave_result_t
CC_ERROR_RA_REPORT_VERIFY_HASH,
CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE,
- CC_ERROR_REE_AGENT_NOT_INIT,
+ CC_ERROR_RA_AGENT_NOT_INIT,
CC_ERROR_RA_VERIFY_AGENT_NOT_INIT,
CC_ERROR_LOCAL_REPORT_INVALID,
CC_ERROR_LOCAL_REPORT_HASH_MISMATCH,
--
2.33.0