Skip to content

Commit

Permalink
added internal dcap quote verification method
Browse files Browse the repository at this point in the history
  • Loading branch information
valdok committed Feb 8, 2024
1 parent 6b83605 commit 869a5d8
Showing 1 changed file with 87 additions and 55 deletions.
142 changes: 87 additions & 55 deletions cosmwasm/enclaves/execute/src/registration/attestation.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ use sgx_tcrypto::rsgx_sha256_slice;

use sgx_tcrypto::SgxEccHandle;

use sgx_types::{sgx_create_report, sgx_quote_sign_type_t, sgx_status_t, sgx_self_target,
use sgx_types::{sgx_create_report, sgx_quote_sign_type_t, sgx_status_t, sgx_self_target, sgx_report_body_t,
sgx_ql_qe_report_info_t, sgx_isv_svn_t, sgx_ql_qv_result_t, sgx_quote3_error_t, sgx_tvl_verify_qve_report_and_identity, sgx_quote_t};

#[cfg(feature = "SGX_MODE_HW")]
Expand Down Expand Up @@ -291,6 +291,78 @@ pub fn get_mr_enclave() -> [u8; 32] {
}


#[cfg(feature = "SGX_MODE_HW")]
pub fn verify_quote_ecdsa(
vQuote : &Vec<u8>
) -> Result<(sgx_report_body_t), sgx_status_t>
{
let mut qe_report: sgx_ql_qe_report_info_t = sgx_ql_qe_report_info_t::default();
let mut pSupp: [u8; 5000] = [0; 5000];
let mut nSupp: u32 = 0;
let mut nExpTime: i64 = 0;
let mut nExpStatus: u32 = 0;
let mut qve_isvsvn_threshold: sgx_isv_svn_t = sgx_isv_svn_t::default();
let mut qvResult: sgx_ql_qv_result_t = sgx_ql_qv_result_t::default();
let mut rt: sgx_status_t = sgx_status_t::default();
let mut ti: sgx_target_info_t = sgx_target_info_t::default();

let mut ti: sgx_target_info_t = sgx_target_info_t::default();
unsafe {
sgx_self_target(&mut ti)
};

let mut res = unsafe {
ocall_verify_quote_ecdsa(
&mut rt as *mut sgx_status_t,
vQuote.as_ptr(),
vQuote.len() as u32,
&ti,
&mut qe_report,
pSupp.as_mut_ptr(),
pSupp.len() as u32,
&mut nSupp,
&mut nExpTime,
&mut nExpStatus,
&mut qve_isvsvn_threshold,
&mut qvResult)
};

trace!("ocall_verify_quote_ecdsa res = {}", res);
trace!("rt = {}", rt);
trace!("nSupp = {}", nSupp);
trace!("nExpTime = {}", nExpTime);
trace!("nExpStatus = {}", nExpStatus);
trace!("qve_isvsvn_threshold = {}", qve_isvsvn_threshold);
trace!("qvResult = {}", qvResult);

// verify the qve report
let dcap_ret : sgx_quote3_error_t = unsafe { sgx_tvl_verify_qve_report_and_identity(
vQuote.as_ptr(),
vQuote.len() as u32,
&qe_report,
nExpTime,
nExpStatus,
qvResult,
pSupp.as_ptr(),
nSupp,
qve_isvsvn_threshold) };

trace!("dcap_ret = {}", dcap_ret);

//trace!("qe_report.qe_report.body.mr_signer = {:?}", qe_report.qe_report.body.mr_signer.m);
//trace!("qe_report.qe_report.body.mr_enclave = {:?}", qe_report.qe_report.body.mr_enclave.m);
//trace!("qe_report.qe_report.body.report_data = {:?}", qe_report.qe_report.body.report_data.d);

let my_pQuote = vQuote.as_ptr() as *const sgx_quote_t;
let myQuote : sgx_quote_t = unsafe { *my_pQuote };

trace!("body.mr_signer = {:?}", myQuote.report_body.mr_signer.m);
trace!("body.mr_enclave = {:?}", myQuote.report_body.mr_enclave.m);
trace!("body.report_data = {:?}", myQuote.report_body.report_data.d);

Ok(myQuote.report_body)
}

#[cfg(feature = "SGX_MODE_HW")]
pub fn get_quote_ecdsa(
pub_k: &[u8; 32],
Expand Down Expand Up @@ -323,8 +395,7 @@ pub fn get_quote_ecdsa(
let mut report_data: sgx_report_data_t = sgx_report_data_t::default();
let mut my_report: sgx_report_t = sgx_report_t::default();

report_data.d[0] = 11;
report_data.d[1] = 22;
report_data.d[..32].copy_from_slice(pub_k);

res = unsafe {
sgx_create_report(
Expand All @@ -345,67 +416,28 @@ pub fn get_quote_ecdsa(
&mut rt as *mut sgx_status_t,
&my_report,
vQuote.as_mut_ptr(),
quote_size)
vQuote.len() as u32)
};

trace!("ocall_get_quote_ecdsa res = {}", res);

if res == sgx_status_t::SGX_SUCCESS
{
let mut ti: sgx_target_info_t = sgx_target_info_t::default();
unsafe {
sgx_self_target(&mut ti)
// test self
let res = match verify_quote_ecdsa(&vQuote) {
Ok(r) => {
r
}
Err(e) => {
trace!("Self quote verification failed: {}", e);
return Err(e);
}
};

let mut qe_report: sgx_ql_qe_report_info_t = sgx_ql_qe_report_info_t::default();
let mut pSupp: [u8; 5000] = [0; 5000];
let mut nSupp: u32 = 0;
let mut nExpTime: i64 = 0;
let mut nExpStatus: u32 = 0;
let mut qve_isvsvn_threshold: sgx_isv_svn_t = sgx_isv_svn_t::default();
let mut qvResult: sgx_ql_qv_result_t = sgx_ql_qv_result_t::default();

res = unsafe {
ocall_verify_quote_ecdsa(
&mut rt as *mut sgx_status_t,
vQuote.as_ptr(),
quote_size,
&ti,
&mut qe_report,
pSupp.as_mut_ptr(),
pSupp.len() as u32,
&mut nSupp,
&mut nExpTime,
&mut nExpStatus,
&mut qve_isvsvn_threshold,
&mut qvResult)
};

trace!("ocall_verify_quote_ecdsa res = {}", res);
trace!("rt = {}", rt);
trace!("nSupp = {}", nSupp);
trace!("nExpTime = {}", nExpTime);
trace!("nExpStatus = {}", nExpStatus);
trace!("qve_isvsvn_threshold = {}", qve_isvsvn_threshold);
trace!("qvResult = {}", qvResult);

// verify the qve report
let dcap_ret : sgx_quote3_error_t = unsafe { sgx_tvl_verify_qve_report_and_identity(
vQuote.as_ptr(),
quote_size,
&qe_report,
nExpTime,
nExpStatus,
qvResult,
pSupp.as_ptr(),
nSupp,
qve_isvsvn_threshold) };

trace!("dcap_ret = {}", dcap_ret);

trace!("qe_report.qe_report.body.mr_signer = {:?}", qe_report.qe_report.body.mr_signer.m);
trace!("qe_report.qe_report.body.mr_enclave = {:?}", qe_report.qe_report.body.mr_enclave.m);
trace!("qe_report.qe_report.body.report_data = {:?}", qe_report.qe_report.body.report_data.d);
trace!("qe_report.qe_report.body.mr_signer = {:?}", res.mr_signer.m);
trace!("qe_report.qe_report.body.mr_enclave = {:?}", res.mr_enclave.m);
trace!("qe_report.qe_report.body.report_data = {:?}", res.report_data.d);

let my_pQuote = vQuote.as_ptr() as *const sgx_quote_t;
let myQuote : sgx_quote_t = unsafe { *my_pQuote };
Expand Down

0 comments on commit 869a5d8

Please sign in to comment.