go/runtime/bundle: Fix MrEnclave invocation on unsigned bundles

oasisprotocol · Apr 4, 2024 · ac3c1c9 · ac3c1c9
1 parent 308dda2
commit ac3c1c9
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 10 deletions.
diff --git a/.changelog/5627.trivial.md b/.changelog/5627.trivial.md
diff --git a/go/runtime/bundle/bundle.go b/go/runtime/bundle/bundle.go
@@ -127,15 +127,6 @@ func (bnd *Bundle) Add(fn string, b []byte) error {
 
 // MrEnclave returns the MRENCLAVE of the SGX excutable.
 func (bnd *Bundle) MrEnclave(id ComponentID) (*sgx.MrEnclave, error) {
-	ei, err := bnd.EnclaveIdentity(id)
-	if err != nil {
-		return nil, err
-	}
-	return &ei.MrEnclave, nil
-}
-
-// EnclaveIdentity returns the SGX enclave identity of the given component.
-func (bnd *Bundle) EnclaveIdentity(id ComponentID) (*sgx.EnclaveIdentity, error) {
 	comp := bnd.Manifest.GetComponentByID(id)
 	if comp == nil {
 		return nil, fmt.Errorf("runtime/bundle: component '%s' not available", id)
@@ -152,6 +143,23 @@ func (bnd *Bundle) EnclaveIdentity(id ComponentID) (*sgx.EnclaveIdentity, error)
 	if err := mrEnclave.FromSgxs(bytes.NewReader(d)); err != nil {
 		return nil, fmt.Errorf("runtime/bundle: failed to derive SGX MRENCLAVE for '%s': %w", id, err)
 	}
+	return &mrEnclave, nil
+}
+
+// EnclaveIdentity returns the SGX enclave identity of the given component.
+func (bnd *Bundle) EnclaveIdentity(id ComponentID) (*sgx.EnclaveIdentity, error) {
+	comp := bnd.Manifest.GetComponentByID(id)
+	if comp == nil {
+		return nil, fmt.Errorf("runtime/bundle: component '%s' not available", id)
+	}
+	if comp.SGX == nil {
+		return nil, fmt.Errorf("runtime/bundle: no SGX metadata for '%s'", id)
+	}
+
+	mrEnclave, err := bnd.MrEnclave(id)
+	if err != nil {
+		return nil, err
+	}
 
 	var mrSigner sgx.MrSigner
 	switch {
@@ -170,7 +178,7 @@ func (bnd *Bundle) EnclaveIdentity(id ComponentID) (*sgx.EnclaveIdentity, error)
 	}
 
 	return &sgx.EnclaveIdentity{
-		MrEnclave: mrEnclave,
+		MrEnclave: *mrEnclave,
 		MrSigner:  mrSigner,
 	}, nil
 }