packages/secGear
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
secGear/0071-adapt-report-with-request-key.patch
qsw33 63198ecadf synchronous features
2023-09-18 11:13:44 +08:00

156 lines
5.8 KiB
Diff
Raw Blame History

From a6064d550da8a0b204249d16692708cc3ed14832 Mon Sep 17 00:00:00 2001
From: houmingyong <houmingyong@huawei.com>
Date: Tue, 20 Jun 2023 19:19:39 +0800
Subject: [PATCH] adapt report with request key
---
.../client/secure_channel_client.c | 70 ++++---------------
.../secure_channel/host/secure_channel_host.c | 12 ----
2 files changed, 15 insertions(+), 67 deletions(-)
diff --git a/component/secure_channel/client/secure_channel_client.c b/component/secure_channel/client/secure_channel_client.c
index 21067b1..6a45a1d 100644
--- a/component/secure_channel/client/secure_channel_client.c
+++ b/component/secure_channel/client/secure_channel_client.c
@@ -243,53 +243,6 @@ static cc_enclave_result_t request_report(cc_sec_chl_ctx_t *ctx, sec_chl_msg_typ
return CC_SUCCESS;
}
-static cc_enclave_result_t get_ra_report(cc_sec_chl_ctx_t *ctx)
-{
- return request_report(ctx, SEC_CHL_MSG_GET_RA_REPORT, false);
-}
-
-static cc_enclave_result_t verify_report(cc_sec_chl_ctx_t *ctx, sec_chl_msg_t *msg)
-{
- cc_enclave_result_t ret = CC_SUCCESS;
- if (msg->sub_type == GET_SVRPUBKEY_SUBTYPE_REPORT) {
- cc_ra_buf_t report = {0};
- report.buf = msg->data;
- report.len = msg->data_len;
- cc_ra_buf_t nonce = {0};
- nonce.len = SEC_CHL_REQ_NONCE_LEN;
- nonce.buf = ctx->handle->ra_req.nonce;
- ret = cc_verify_report(&report, &nonce, CC_RA_VERIFY_TYPE_STRICT, ctx->basevalue);
- if (ret != CC_SUCCESS) {
- printf("verify report failed ret:%u\n", ret);
- return CC_ERROR_SEC_CHL_INIT_VERIFY_REPORT;
- }
- }
- return ret;
-}
-
-static cc_enclave_result_t recv_ra_report(cc_sec_chl_ctx_t *ctx)
-{
- sec_chl_msg_t *msg = NULL;
-
- pthread_mutex_lock(&ctx->handle->lock);
- if (ctx->handle->recv_buf_len == 0) {
- pthread_mutex_unlock(&ctx->handle->lock);
- return CC_ERROR_SEC_CHL_WAITING_RECV_MSG;
- }
- msg = (sec_chl_msg_t *)ctx->handle->recv_buf;
- cc_enclave_result_t ret = verify_report(ctx, msg);
- if (ret != CC_SUCCESS) {
- pthread_mutex_unlock(&ctx->handle->lock);
- return ret;
- }
-
- ctx->session_id = msg->session_id;
- ctx->handle->recv_buf_len = 0;
- pthread_mutex_unlock(&ctx->handle->lock);
-
- return CC_SUCCESS;
-}
-
static cc_enclave_result_t get_svr_pubkey(cc_sec_chl_ctx_t *ctx)
{
return request_report(ctx, SEC_CHL_MSG_GET_SVR_PUBKEY, true);
@@ -311,14 +264,14 @@ static cc_enclave_result_t get_svr_key_from_report(cc_sec_chl_ctx_t *ctx, cc_ra_
printf("report payload failed!\n");
goto end;
}
- cJSON *cj_nonce = cJSON_GetObjectItemCaseSensitive(cj_payload, "nonce");
- if(cj_nonce == NULL) {
- printf("report nonce failed!\n");
+ cJSON *cj_key = cJSON_GetObjectItemCaseSensitive(cj_payload, "key");
+ if (cj_key == NULL) {
+ printf("report key failed!\n");
goto end;
}
// comput pubkey
- cJSON *cj_pub_key = cJSON_GetObjectItemCaseSensitive(cj_nonce, "pub_key");
- if(cj_pub_key == NULL) {
+ cJSON *cj_pub_key = cJSON_GetObjectItemCaseSensitive(cj_key, "pub_key");
+ if (cj_pub_key == NULL) {
printf("report pub_key failed!\n");
goto end;
}
@@ -347,7 +300,7 @@ static cc_enclave_result_t get_svr_key_from_report(cc_sec_chl_ctx_t *ctx, cc_ra_
ctx->handle->rsa_svr_pubkey = svr_pub_key;
// save enc key to ctx
- cJSON *cj_enc_key = cJSON_GetObjectItemCaseSensitive(cj_nonce, "enc_key");
+ cJSON *cj_enc_key = cJSON_GetObjectItemCaseSensitive(cj_key, "enc_key");
if(cj_enc_key == NULL) {
printf("report enc_key failed!\n");
goto fail;
@@ -410,6 +363,15 @@ static cc_enclave_result_t parse_svrpubkey_from_recv_msg(cc_sec_chl_ctx_t *ctx,
cc_ra_buf_t report = {0};
report.buf = msg->data;
report.len = msg->data_len;
+ cc_ra_buf_t nonce = {0};
+ nonce.len = SEC_CHL_REQ_NONCE_LEN;
+ nonce.buf = ctx->handle->ra_req.nonce;
+
+ ret = cc_verify_report(&report, &nonce, CC_RA_VERIFY_TYPE_STRICT, ctx->basevalue);
+ if (ret != CC_SUCCESS) {
+ printf("verify report failed ret:%u\n", ret);
+ return CC_ERROR_SEC_CHL_INIT_VERIFY_REPORT;
+ }
ret = get_svr_key_from_report(ctx, &report);
if (ret != CC_SUCCESS) {
@@ -635,8 +597,6 @@ static cc_enclave_result_t sec_chl_compute_session_key(cc_sec_chl_ctx_t *ctx)
}
static sec_chl_fsm_state_transform_t g_state_transform_table[] = {
- {get_ra_report},
- {recv_ra_report},
{get_svr_pubkey},
{recv_svr_pubkey},
{set_encrypt_key_to_server_ta},
diff --git a/component/secure_channel/host/secure_channel_host.c b/component/secure_channel/host/secure_channel_host.c
index e7adf3c..9ef160c 100644
--- a/component/secure_channel/host/secure_channel_host.c
+++ b/component/secure_channel/host/secure_channel_host.c
@@ -96,15 +96,6 @@ static int sec_chl_get_ra_report(cc_enclave_t *context, sec_chl_msg_t *msg,
return CC_SUCCESS;
}
-static int sec_chl_get_ra_report_ex(cc_enclave_t *context, sec_chl_msg_t *msg,
- sec_chl_msg_t **rsp_msg, size_t *rsp_msg_len)
-{
- if (is_support_remote_attest(context)) {
- return sec_chl_get_ra_report(context, msg, rsp_msg, rsp_msg_len);
- }
- return CC_SUCCESS;
-}
-
static int sec_chl_get_pubkey(cc_enclave_t *context, sec_chl_msg_t *msg, sec_chl_msg_t **rsp_msg, size_t *rsp_msg_len)
{
if (is_support_remote_attest(context)) {
@@ -423,9 +414,6 @@ static cc_enclave_result_t handle_recv_msg(cc_enclave_t *context, sec_chl_msg_t
{
cc_enclave_result_t ret = CC_FAIL;
switch (msg->msg_type) {
- case SEC_CHL_MSG_GET_RA_REPORT:
- ret = sec_chl_get_ra_report_ex(context, msg, rsp_msg, rsp_msg_len);
- break;
case SEC_CHL_MSG_GET_SVR_PUBKEY:
ret = sec_chl_get_pubkey(context, msg, rsp_msg, rsp_msg_len);
break;
--
2.33.0
Reference in New Issue View Git Blame Copy Permalink