File _service:obs_scm:0065-optimize-name-ree-agent-to-ra-agent.patch of Package secGear
From 9ae8329b203d7d64b18958b79c8ce21ef46f8baf Mon Sep 17 00:00:00 2001 From: houmingyong <houmingyong@huawei.com> Date: Thu, 1 Jun 2023 19:28:26 +0800 Subject: [PATCH] optimize name ree agent to ra agent --- component/local_attest/sg_local_attest.h | 14 +++++++++++++ .../remote_attest/ra_report/gp_ra_report.c | 8 ++++---- .../remote_attest/ra_report/sg_ra_report.c | 20 +++++++++---------- .../remote_attest/ra_report/sg_ra_report.h | 13 +++++++++--- .../remote_attest/ra_report/sgx_ra_report.c | 8 ++++---- .../{uni_ree_agent.h => uni_ra_agent.h} | 8 ++++---- .../ra_verify/sg_ra_report_verify.h | 15 +++++++++++++- .../client/secure_channel_client.h | 3 +++ inc/host_inc/status.h | 2 +- 9 files changed, 64 insertions(+), 27 deletions(-) rename component/remote_attest/ra_report/{uni_ree_agent.h => uni_ra_agent.h} (89%) diff --git a/component/local_attest/sg_local_attest.h b/component/local_attest/sg_local_attest.h index 97f31ef..e615073 100644 --- a/component/local_attest/sg_local_attest.h +++ b/component/local_attest/sg_local_attest.h @@ -20,6 +20,20 @@ extern "C" { #endif +/** +* [host TEE API] get and verify local attestation report by TA +* [NOTICE] before calling cc_local_attest, the attestation service +* need to be initialized by cc_prepare_ra_env, otherwise get report error +* +* @param[in] taid, the unique ID stirng of target TA +* +* @param[in] img_hash, the static image measure of target TA +* +* @param[in] mem_hash, the static memory measure of target TA +* +* @retval, On success, return 0. +* On error, cc_enclave_result_t errorno is returned. +*/ CC_API_SPEC cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash); #ifdef __cplusplus diff --git a/component/remote_attest/ra_report/gp_ra_report.c b/component/remote_attest/ra_report/gp_ra_report.c index ca1fa03..29c6a6a 100644 --- a/component/remote_attest/ra_report/gp_ra_report.c +++ b/component/remote_attest/ra_report/gp_ra_report.c 
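Review bot: The new comment on cc_local_attest in sg_local_attest.h does not say what encoding img_hash and mem_hash must use or which error a measurement mismatch produces, so a caller cannot tell a malformed reference value from a failed attestation. Suggested wording for the parameter lines: `@param[in] img_hash, the expected static image measurement of the target TA (state the encoding here)`; the encoding is not visible in this hunk and has to be filled in by the author. The status.h context later in this patch lists CC_ERROR_LOCAL_REPORT_HASH_MISMATCH, which is presumably the value worth naming under @retval. The taid line also has a typo, `stirng` for `string`.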
@@ -13,7 +13,7 @@ #include <string.h> #include "ra_client_api.h" #include "enclave_log.h" -#include "uni_ree_agent.h" +#include "uni_ra_agent.h" #include "gp_report_helper.h" #define PROVISION_OUT_LEN 0x3000 @@ -71,12 +71,12 @@ static cc_enclave_result_t gp_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_ return CC_SUCCESS; } -static uni_ree_agent_t g_gp_agent = { +static uni_ra_agent_t g_gp_agent = { .tee_type = CC_TEE_TYPE_GP, .prepare_ra_env = gp_prepare_ra_env, .get_ra_report = gp_get_ra_report, }; -static __attribute__((constructor)) void gp_register_ree_agent(void) +static __attribute__((constructor)) void gp_register_ra_agent(void) { - cc_register_ree_agent(&g_gp_agent); + cc_register_ra_agent(&g_gp_agent); } \ No newline at end of file diff --git a/component/remote_attest/ra_report/sg_ra_report.c b/component/remote_attest/ra_report/sg_ra_report.c index 21ad417..20eba26 100644 --- a/component/remote_attest/ra_report/sg_ra_report.c +++ b/component/remote_attest/ra_report/sg_ra_report.c @@ -10,15 +10,15 @@ * See the Mulan PSL v2 for more details. */ #include "sg_ra_report.h" -#include "uni_ree_agent.h" +#include "uni_ra_agent.h" -static uni_ree_agent_t *g_ree_agent = NULL; +static uni_ra_agent_t *g_ra_agent = NULL; cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario) { - if (g_ree_agent == NULL) { - return CC_ERROR_REE_AGENT_NOT_INIT; + if (g_ra_agent == NULL) { + return CC_ERROR_RA_AGENT_NOT_INIT; } - return g_ree_agent->prepare_ra_env(scenario); + return g_ra_agent->prepare_ra_env(scenario); } cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report) 
@@ -26,13 +26,13 @@ cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t * if (in == NULL || in->taid == NULL || report == NULL || report->buf == NULL) { return CC_ERROR_BAD_PARAMETERS; } - if (g_ree_agent == NULL) { - return CC_ERROR_REE_AGENT_NOT_INIT; + if (g_ra_agent == NULL) { + return CC_ERROR_RA_AGENT_NOT_INIT; } - return g_ree_agent->get_ra_report(in, report); + return g_ra_agent->get_ra_report(in, report); } -void cc_register_ree_agent(uni_ree_agent_t *agent) +void cc_register_ra_agent(uni_ra_agent_t *agent) { - g_ree_agent = agent; + g_ra_agent = agent; } diff --git a/component/remote_attest/ra_report/sg_ra_report.h b/component/remote_attest/ra_report/sg_ra_report.h index f3294c5..0d0d44f 100644 --- a/component/remote_attest/ra_report/sg_ra_report.h +++ b/component/remote_attest/ra_report/sg_ra_report.h @@ -21,15 +21,22 @@ #ifdef __cplusplus extern "C" { #endif - +/** +* [host REE API] prepare attest environment before get report by attestation service +* +* @param[in] scenario, the scenario of attestation service +* +* @retval, On success, return 0. +* On error, cc_enclave_result_t errorno is returned. +*/ CC_API_SPEC cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario); /** -* get remote attestation report +* [host REE API] get remote attestation report by attestation service * * @param[in] in, bytes of input * -* @param[out] report, remote attestion report, 0x3000 =< len < 0x100000 +* @param[in/out] report, remote attestion report, 0x3000 =< report->len < 0x100000 * * @retval, On success, return 0. * On error, cc_enclave_result_t errorno is returned. diff --git a/component/remote_attest/ra_report/sgx_ra_report.c b/component/remote_attest/ra_report/sgx_ra_report.c index 6bd0bdc..d63474e 100644 --- a/component/remote_attest/ra_report/sgx_ra_report.c +++ b/component/remote_attest/ra_report/sgx_ra_report.c 
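Review bot: cc_register_ra_agent at the end of sg_ra_report.c stores whatever pointer it is given and silently replaces an earlier registration, while cc_prepare_ra_env and cc_get_ra_report test only g_ra_agent itself before calling through prepare_ra_env and get_ra_report. An agent with a NULL callback would crash the host on first use, and since gp_ra_report.c and sgx_ra_report.c both register from constructors, a binary that links both would get whichever constructor ran last, with tee_type never consulted. A guard such as `if (agent == NULL || agent->prepare_ra_env == NULL || agent->get_ra_report == NULL) { return; }` before the assignment, plus a log line or a refusal when g_ra_agent is already set, would make the choice of attestation backend explicit. Whether both agents can end up in one binary depends on the build files, which are not in this patch.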
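Review bot: The rewritten @param line for report in sg_ra_report.h states a size contract, `0x3000 =< report->len < 0x100000`, that the visible part of cc_get_ra_report in sg_ra_report.c does not check; it rejects only NULL pointers and leaves the length to the agent callback. Either enforce the range in cc_get_ra_report before dispatch or say in the comment that the backend validates it, so callers know an undersized buffer is rejected instead of being written past. If `[in/out]` means report->len is the buffer capacity on input and the report length on output, the comment should say so. The same line should read `<=` instead of `=<` and `attestation` instead of `attestion`.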
@@ -9,7 +9,7 @@ * PURPOSE. * See the Mulan PSL v2 for more details. */ -#include "uni_ree_agent.h" +#include "uni_ra_agent.h" static cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario) { @@ -25,12 +25,12 @@ static cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra return CC_SUCCESS; } -static uni_ree_agent_t g_sgx_agent = { +static uni_ra_agent_t g_sgx_agent = { .tee_type = CC_TEE_TYPE_SGX, .prepare_ra_env = sgx_prepare_ra_env, .get_ra_report = sgx_get_ra_report, }; -static __attribute__((constructor)) void sgx_register_ree_agent(void) +static __attribute__((constructor)) void sgx_register_ra_agent(void) { - cc_register_ree_agent(&g_sgx_agent); + cc_register_ra_agent(&g_sgx_agent); } \ No newline at end of file diff --git a/component/remote_attest/ra_report/uni_ree_agent.h b/component/remote_attest/ra_report/uni_ra_agent.h similarity index 89% rename from component/remote_attest/ra_report/uni_ree_agent.h rename to component/remote_attest/ra_report/uni_ra_agent.h index 65a46d1..0801ab9 100644 --- a/component/remote_attest/ra_report/uni_ree_agent.h +++ b/component/remote_attest/ra_report/uni_ra_agent.h @@ -10,8 +10,8 @@ * See the Mulan PSL v2 for more details. */ -#ifndef SECGEAR_UNI_REE_AGENT_H -#define SECGEAR_UNI_REE_AGENT_H +#ifndef SECGEAR_UNI_RA_AGENT_H +#define SECGEAR_UNI_RA_AGENT_H #include <stdint.h> #include "status.h" @@ -33,9 +33,9 @@ typedef struct { cc_tee_type_t tee_type; uni_prepare_ra_env_proc_t prepare_ra_env; uni_get_ra_report_proc_t get_ra_report; -} uni_ree_agent_t; +} uni_ra_agent_t; -void cc_register_ree_agent(uni_ree_agent_t *agent); +void cc_register_ra_agent(uni_ra_agent_t *agent); #ifdef __cplusplus } diff --git a/component/remote_attest/ra_verify/sg_ra_report_verify.h b/component/remote_attest/ra_verify/sg_ra_report_verify.h index b566cef..e5da876 100644 --- a/component/remote_attest/ra_verify/sg_ra_report_verify.h +++ b/component/remote_attest/ra_verify/sg_ra_report_verify.h 
@@ -20,7 +20,20 @@ #ifdef __cplusplus extern "C" { #endif - +/** +* [verifier API] verify remote attestation report by verifier +* +* @param[in] report, the report of target TA +* +* @param[in] nonce, the nonce generated when get report +* +* @param[in] type, the mode of verify report +* +* @param[in] basevalue, the basevalue file path of target TA, +* +* @retval, On success, return 0. +* On error, cc_enclave_result_t errorno is returned. +*/ CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue); diff --git a/component/secure_channel/client/secure_channel_client.h b/component/secure_channel/client/secure_channel_client.h index e2d0b7e..2f5c13d 100644 --- a/component/secure_channel/client/secure_channel_client.h +++ b/component/secure_channel/client/secure_channel_client.h @@ -55,11 +55,14 @@ typedef enum { /** * secure channel init function +* [Warning] because TA report is big, the conn_kit must have bigger read buffer +* to carry secure channel msg(>=12320bytes). * * @param[in] algo, The algorithm suite of secure channel * * @param[in/out] ctx, The pointer of secure channel context * input need init conn_kit; +* input need init basevalue; the secure channel server's TA basevalue, generated by sign TA * output session_id and cc_sec_chl_handle_t * * @retval, On success, return 0. generate session_key between client and enclave. diff --git a/inc/host_inc/status.h b/inc/host_inc/status.h index 0ecb243..7a7920b 100644 --- a/inc/host_inc/status.h +++ b/inc/host_inc/status.h @@ -87,7 +87,7 @@ typedef enum _enclave_result_t CC_ERROR_RA_REPORT_VERIFY_HASH, CC_ERROR_RA_REPORT_VERIFY_INVALID_TYPE, - CC_ERROR_REE_AGENT_NOT_INIT, + CC_ERROR_RA_AGENT_NOT_INIT, CC_ERROR_RA_VERIFY_AGENT_NOT_INIT, CC_ERROR_LOCAL_REPORT_INVALID, CC_ERROR_LOCAL_REPORT_HASH_MISMATCH, -- 2.33.0
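Review bot: The nonce line in the new cc_verify_report comment in sg_ra_report_verify.h, `the nonce generated when get report`, does not say who generates the nonce or that it must be unique per request, which is what lets a verifier reject a replayed report. Suggested wording: `@param[in] nonce, the nonce the caller generated for this request and supplied when the report was obtained; use a fresh random value each time`. The basevalue line ends with a stray comma, and it would help to state what a NULL or unreadable basevalue path returns. The implementation is not part of this patch, so that behaviour needs confirming before it is documented.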
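Review bot: The added line `input need init basevalue` in the secure channel init comment in secure_channel_client.h does not say what happens when the basevalue in ctx is left unset, and that decides whether the client verifies the server TA or proceeds without checking it. I would document the failure mode explicitly, for example `if basevalue is not set, init fails with <error code>`, with the real code filled in from the implementation, which is outside this patch. The 12320-byte minimum in the warning is a bare number; naming the constant it comes from, if one exists, keeps the comment from going stale when the report size changes.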