fix(enclave): core include paths (#257)

2024-10-17 01:31:31 +04:00 · 2024-10-17 01:31:31 +04:00 · 023552c0e6
commit 023552c0e6
parent 8d97d5f122
2 changed files with 31 additions and 7 deletions
--- a/crates/enclave/core/build.rs
+++ b/crates/enclave/core/build.rs
@ -0,0 +1,24 @@
+use std::{env, fs, path::PathBuf};
+
+fn main() {
+    let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
+    let source_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap())
+        .join("../../../crates/contracts/tee-ra/data");
+
+    fs::create_dir_all(&out_dir).unwrap();
+
+    let files_to_copy = [
+        "qe_identity.json",
+        "root_ca.pem",
+        "root_crl.der",
+        "tcb_signer.pem",
+    ];
+
+    for file in &files_to_copy {
+        let source_path = source_dir.join(file);
+        let target_path = out_dir.join(file);
+
+        fs::copy(&source_path, &target_path)
+            .unwrap_or_else(|_| panic!("Failed to copy {:?}", source_path));
+    }
+}
--- a/crates/enclave/core/src/attestor.rs
+++ b/crates/enclave/core/src/attestor.rs
@ -27,6 +27,11 @@ pub type DefaultAttestor = DcapAttestor;
 #[cfg(feature = "mock-sgx")]
 pub type DefaultAttestor = MockAttestor;

+const QE_IDENTITY_JSON: &str = include_str!(concat!(env!("OUT_DIR"), "/qe_identity.json"));
+const ROOT_CA: &str = include_str!(concat!(env!("OUT_DIR"), "/root_ca.pem"));
+const ROOT_CRL: &[u8] = include_bytes!(concat!(env!("OUT_DIR"), "/root_crl.der"));
+const TCB_SIGNER: &str = include_str!(concat!(env!("OUT_DIR"), "/tcb_signer.pem"));
+
 /// The trait defines the interface for generating attestations from within an enclave.
 pub trait Attestor: Send + Sync + 'static {
    type Error: ToString;
@ -101,8 +106,7 @@ impl Attestor for DcapAttestor {
            version.major_version = 3;
            version.minor_version = 1;

-            let mut root_crl =
-                include_bytes!("../../../contracts/tee-ra/data/root_crl.der").to_vec();
+            let mut root_crl = ROOT_CRL.to_vec();
            root_crl.push(0);
            sgx_collateral.root_ca_crl = root_crl.as_ptr() as _;
            sgx_collateral.root_ca_crl_size = root_crl.len() as u32;
@ -117,9 +121,7 @@ impl Attestor for DcapAttestor {
            sgx_collateral.pck_crl_issuer_chain = pck_crl_issuer_chain.as_ptr() as _;
            sgx_collateral.pck_crl_issuer_chain_size = pck_crl_issuer_chain.len() as u32;

-            let root_cert = include_str!("../../../contracts/tee-ra/data/root_ca.pem");
-            let tcb_cert = include_str!("../../../contracts/tee-ra/data/tcb_signer.pem");
-            let mut tcb_chain = [tcb_cert, root_cert].join("\n").as_bytes().to_vec();
+            let mut tcb_chain = [TCB_SIGNER, ROOT_CA].join("\n").as_bytes().to_vec();
            tcb_chain.push(0);
            sgx_collateral.tcb_info_issuer_chain = tcb_chain.as_ptr() as _;
            sgx_collateral.tcb_info_issuer_chain_size = tcb_chain.len() as u32;
@ -131,8 +133,6 @@ impl Attestor for DcapAttestor {
            sgx_collateral.qe_identity_issuer_chain = tcb_chain.as_ptr() as _;
            sgx_collateral.qe_identity_issuer_chain_size = tcb_chain.len() as u32;

-            const QE_IDENTITY_JSON: &str =
-                include_str!("../../../contracts/tee-ra/data/qe_identity.json");
            sgx_collateral.qe_identity = QE_IDENTITY_JSON.as_ptr() as _;
            sgx_collateral.qe_identity_size = QE_IDENTITY_JSON.len() as u32;