fix(enclave): core include paths (#257)

Shoaib Ahmed 2024-10-17 01:31:31 +04:00 committed by GitHub
parent 8d97d5f122
commit 023552c0e6
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 31 additions and 7 deletions


@ -0,0 +1,24 @@
use std::{env, fs, path::PathBuf};
fn main() {
let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
let source_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap())
.join("../../../crates/contracts/tee-ra/data");
fs::create_dir_all(&out_dir).unwrap();
let files_to_copy = [
"qe_identity.json",
"root_ca.pem",
"root_crl.der",
"tcb_signer.pem",
];
for file in &files_to_copy {
let source_path = source_dir.join(file);
let target_path = out_dir.join(file);
fs::copy(&source_path, &target_path)
.unwrap_or_else(|_| panic!("Failed to copy {:?}", source_path));
}
}
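Review bot: The copy loop in `main` never emits `cargo:rerun-if-changed`, and the four inputs live outside this package (`../../../crates/contracts/tee-ra/data`), so Cargo's default change detection, which only watches the package's own files, will not re-run the script when a certificate, the CRL or the QE identity file is replaced. An incremental build can therefore keep embedding the previous root CRL and trust anchors without any warning. Adding `println!("cargo:rerun-if-changed={}", source_path.display());` inside the loop closes that gap. The panic closure also discards the `io::Error`; `.unwrap_or_else(|e| panic!("Failed to copy {:?}: {}", source_path, e));` would report why the copy failed.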


@ -27,6 +27,11 @@ pub type DefaultAttestor = DcapAttestor;
#[cfg(feature = "mock-sgx")] #[cfg(feature = "mock-sgx")]
pub type DefaultAttestor = MockAttestor; pub type DefaultAttestor = MockAttestor;
const QE_IDENTITY_JSON: &str = include_str!(concat!(env!("OUT_DIR"), "/qe_identity.json"));
const ROOT_CA: &str = include_str!(concat!(env!("OUT_DIR"), "/root_ca.pem"));
const ROOT_CRL: &[u8] = include_bytes!(concat!(env!("OUT_DIR"), "/root_crl.der"));
const TCB_SIGNER: &str = include_str!(concat!(env!("OUT_DIR"), "/tcb_signer.pem"));
/// The trait defines the interface for generating attestations from within an enclave. /// The trait defines the interface for generating attestations from within an enclave.
pub trait Attestor: Send + Sync + 'static { pub trait Attestor: Send + Sync + 'static {
type Error: ToString; type Error: ToString;
@ -101,8 +106,7 @@ impl Attestor for DcapAttestor {
version.major_version = 3; version.major_version = 3;
version.minor_version = 1; version.minor_version = 1;
let mut root_crl = let mut root_crl = ROOT_CRL.to_vec();
include_bytes!("../../../contracts/tee-ra/data/root_crl.der").to_vec();
root_crl.push(0); root_crl.push(0);
sgx_collateral.root_ca_crl = root_crl.as_ptr() as _; sgx_collateral.root_ca_crl = root_crl.as_ptr() as _;
sgx_collateral.root_ca_crl_size = root_crl.len() as u32; sgx_collateral.root_ca_crl_size = root_crl.len() as u32;
@ -117,9 +121,7 @@ impl Attestor for DcapAttestor {
sgx_collateral.pck_crl_issuer_chain = pck_crl_issuer_chain.as_ptr() as _; sgx_collateral.pck_crl_issuer_chain = pck_crl_issuer_chain.as_ptr() as _;
sgx_collateral.pck_crl_issuer_chain_size = pck_crl_issuer_chain.len() as u32; sgx_collateral.pck_crl_issuer_chain_size = pck_crl_issuer_chain.len() as u32;
let root_cert = include_str!("../../../contracts/tee-ra/data/root_ca.pem"); let mut tcb_chain = [TCB_SIGNER, ROOT_CA].join("\n").as_bytes().to_vec();
let tcb_cert = include_str!("../../../contracts/tee-ra/data/tcb_signer.pem");
let mut tcb_chain = [tcb_cert, root_cert].join("\n").as_bytes().to_vec();
tcb_chain.push(0); tcb_chain.push(0);
sgx_collateral.tcb_info_issuer_chain = tcb_chain.as_ptr() as _; sgx_collateral.tcb_info_issuer_chain = tcb_chain.as_ptr() as _;
sgx_collateral.tcb_info_issuer_chain_size = tcb_chain.len() as u32; sgx_collateral.tcb_info_issuer_chain_size = tcb_chain.len() as u32;
@ -131,8 +133,6 @@ impl Attestor for DcapAttestor {
sgx_collateral.qe_identity_issuer_chain = tcb_chain.as_ptr() as _; sgx_collateral.qe_identity_issuer_chain = tcb_chain.as_ptr() as _;
sgx_collateral.qe_identity_issuer_chain_size = tcb_chain.len() as u32; sgx_collateral.qe_identity_issuer_chain_size = tcb_chain.len() as u32;
const QE_IDENTITY_JSON: &str =
include_str!("../../../contracts/tee-ra/data/qe_identity.json");
sgx_collateral.qe_identity = QE_IDENTITY_JSON.as_ptr() as _; sgx_collateral.qe_identity = QE_IDENTITY_JSON.as_ptr() as _;
sgx_collateral.qe_identity_size = QE_IDENTITY_JSON.len() as u32; sgx_collateral.qe_identity_size = QE_IDENTITY_JSON.len() as u32;
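Review bot: The four constants added in the first hunk (`QE_IDENTITY_JSON`, `ROOT_CA`, `ROOT_CRL`, `TCB_SIGNER`) carry no documentation, although they are the trust anchors and revocation data that every `sgx_collateral` built in this file points at. They are frozen at compile time, and a CRL and a QE identity document are time-limited, so whatever consumes the collateral (not visible in these hunks) keeps receiving the snapshot from the day the binary was built. I would put a doc comment above the group, for example `/// DCAP collateral copied from crates/contracts/tee-ra/data by build.rs and embedded at compile time; rebuild after refreshing those files.`, and give each constant a one-line `///` naming its format (PEM, DER or JSON). The bodies of the `impl Attestor for DcapAttestor` method touched by the later hunks start and end outside what is shown here.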