diff --git a/cosmwasm/enclaves/execute/src/registration/attestation.rs b/cosmwasm/enclaves/execute/src/registration/attestation.rs index 697022c8c..927202287 100644 --- a/cosmwasm/enclaves/execute/src/registration/attestation.rs +++ b/cosmwasm/enclaves/execute/src/registration/attestation.rs @@ -295,41 +295,40 @@ pub fn get_mr_enclave() -> [u8; 32] { #[cfg(feature = "SGX_MODE_HW")] pub fn verify_quote_ecdsa( - vQuote : &Vec, - vCol : &Vec, - nTime: i64, + vec_quote : &Vec, + vec_coll : &Vec, + time_s: i64, ) -> Result<(sgx_report_body_t, sgx_ql_qv_result_t), sgx_status_t> { let mut qe_report: sgx_ql_qe_report_info_t = sgx_ql_qe_report_info_t::default(); - let mut pSupp: [u8; 5000] = [0; 5000]; - let mut nSupp: u32 = 0; - let mut nExpTime: i64 = 0; - let mut nExpStatus: u32 = 0; - let mut qvResult: sgx_ql_qv_result_t = sgx_ql_qv_result_t::default(); + let mut p_supp: [u8; 5000] = [0; 5000]; + let mut n_supp: u32 = 0; + let mut exp_time_s: i64 = 0; + let mut exp_status: u32 = 0; + let mut qv_result: sgx_ql_qv_result_t = sgx_ql_qv_result_t::default(); let mut rt: sgx_status_t = sgx_status_t::default(); - let mut ti: sgx_target_info_t = sgx_target_info_t::default(); let mut ti: sgx_target_info_t = sgx_target_info_t::default(); unsafe { sgx_self_target(&mut ti) }; - let mut res = unsafe { + let res = unsafe { ocall_verify_quote_ecdsa( &mut rt as *mut sgx_status_t, - vQuote.as_ptr(), - vQuote.len() as u32, - vCol.as_ptr(), - vCol.len() as u32, + vec_quote.as_ptr(), + vec_quote.len() as u32, + vec_coll.as_ptr(), + vec_coll.len() as u32, &ti, - nTime, + time_s, &mut qe_report, - pSupp.as_mut_ptr(), - pSupp.len() as u32, - &mut nSupp, - &mut nExpTime, - &mut nExpStatus, - &mut qvResult) + p_supp.as_mut_ptr(), + p_supp.len() as u32, + &mut n_supp, + &mut exp_time_s, + &mut exp_status, + &mut qv_result) }; if res != sgx_status_t::SGX_SUCCESS { @@ -339,30 +338,30 @@ pub fn verify_quote_ecdsa( return Err(rt); } - match qvResult { + match qv_result { sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => {}, sgx_ql_qv_result_t::SGX_QL_QV_RESULT_SW_HARDENING_NEEDED => {}, _ => { - trace!("Quote verification result: {}", qvResult); + trace!("Quote verification result: {}", qv_result); return Err(sgx_status_t::SGX_ERROR_UNEXPECTED); } }; // verify the qve report - if nTime != 0 { - nExpTime = nTime; // insist on our time, if supplied + if time_s != 0 { + exp_time_s = time_s; // insist on our time, if supplied } let qve_isvsvn_threshold: sgx_isv_svn_t = 3; let dcap_ret : sgx_quote3_error_t = unsafe { sgx_tvl_verify_qve_report_and_identity( - vQuote.as_ptr(), - vQuote.len() as u32, + vec_quote.as_ptr(), + vec_quote.len() as u32, &qe_report, - nExpTime, - nExpStatus, - qvResult, - pSupp.as_ptr(), - nSupp, + exp_time_s, + exp_status, + qv_result, + p_supp.as_ptr(), + n_supp, qve_isvsvn_threshold) }; if dcap_ret != sgx_quote3_error_t::SGX_QL_SUCCESS { @@ -370,24 +369,24 @@ pub fn verify_quote_ecdsa( return Err(sgx_status_t::SGX_ERROR_UNEXPECTED) } - trace!("nSupp = {}", nSupp); - trace!("nExpTime = {}", nExpTime); - trace!("nExpStatus = {}", nExpStatus); - trace!("qvResult = {}", qvResult); + trace!("n_supp = {}", n_supp); + trace!("exp_time_s = {}", exp_time_s); + trace!("exp_status = {}", exp_status); + trace!("qv_result = {}", qv_result); - if vQuote.len() < mem::size_of::() { + if vec_quote.len() < mem::size_of::() { trace!("Quote too small"); return Err(sgx_status_t::SGX_ERROR_UNEXPECTED); } - let my_pQuote = vQuote.as_ptr() as *const sgx_quote_t; - let report_body = unsafe { (*my_pQuote).report_body }; + let my_p_quote = vec_quote.as_ptr() as *const sgx_quote_t; + let report_body = unsafe { (*my_p_quote).report_body }; trace!("body.mr_signer = {:?}", report_body.mr_signer.m); trace!("body.mr_enclave = {:?}", report_body.mr_enclave.m); trace!("body.report_data = {:?}", report_body.report_data.d); - Ok((report_body, qvResult)) + Ok((report_body, qv_result)) } #[cfg(feature = "SGX_MODE_HW")] @@ -430,20 +429,20 @@ pub fn get_quote_ecdsa( ) }; - if rt != sgx_status_t::SGX_SUCCESS { - trace!("sgx_create_report = {}", rt); + if res != sgx_status_t::SGX_SUCCESS { + trace!("sgx_create_report = {}", res); } - let mut vQuote : Vec = Vec::new(); - vQuote.resize(quote_size as usize, 0); + let mut vec_quote : Vec = Vec::new(); + vec_quote.resize(quote_size as usize, 0); res = unsafe { ocall_get_quote_ecdsa( &mut rt as *mut sgx_status_t, &my_report, - vQuote.as_mut_ptr(), - vQuote.len() as u32) + vec_quote.as_mut_ptr(), + vec_quote.len() as u32) }; if res != sgx_status_t::SGX_SUCCESS { @@ -454,18 +453,18 @@ pub fn get_quote_ecdsa( trace!("rt = {}", rt); } - let mut vCol : Vec = Vec::new(); - vCol.resize(0x4000, 0); - let mut nCol : u32 = 0; + let mut vec_coll : Vec = Vec::new(); + vec_coll.resize(0x4000, 0); + let mut size_coll : u32 = 0; - let mut res = unsafe { + let res = unsafe { ocall_get_quote_ecdsa_collateral( &mut rt as *mut sgx_status_t, - vQuote.as_ptr(), - vQuote.len() as u32, - vCol.as_mut_ptr(), - vCol.len() as u32, - &mut nCol) + vec_quote.as_ptr(), + vec_quote.len() as u32, + vec_coll.as_mut_ptr(), + vec_coll.len() as u32, + &mut size_coll) }; if res != sgx_status_t::SGX_SUCCESS { @@ -476,35 +475,34 @@ pub fn get_quote_ecdsa( trace!("rt = {}", rt); } - trace!("Collateral size = {}", nCol); + trace!("Collateral size = {}", size_coll); - let bAgain = nCol > vCol.len() as u32; - vCol.resize(nCol as usize, 0); + let call_again = size_coll > vec_coll.len() as u32; + vec_coll.resize(size_coll as usize, 0); - //if bAgain + if call_again { unsafe { ocall_get_quote_ecdsa_collateral( &mut rt as *mut sgx_status_t, - vQuote.as_ptr(), - vQuote.len() as u32, - vCol.as_mut_ptr(), - vCol.len() as u32, - &mut nCol) + vec_quote.as_ptr(), + vec_quote.len() as u32, + vec_coll.as_mut_ptr(), + vec_coll.len() as u32, + &mut size_coll) }; } if res == sgx_status_t::SGX_SUCCESS { // test self - let report_body = match verify_quote_ecdsa(&vQuote, &vCol, 0) { + match verify_quote_ecdsa(&vec_quote, &vec_coll, 0) { Ok(r) => { trace!("Self quote verified ok"); if r.1 != sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK { // TODO: strict policy wrt own quote verification trace!("WARNING: {}", r.1); } - r.0 } Err(e) => { trace!("Self quote verification failed: {}", e); @@ -514,7 +512,7 @@ pub fn get_quote_ecdsa( }; - Ok((vQuote, vCol)) + Ok((vec_quote, vec_coll)) } diff --git a/cosmwasm/enclaves/execute/src/registration/ocalls.rs b/cosmwasm/enclaves/execute/src/registration/ocalls.rs index b43714b9b..909bfa74d 100644 --- a/cosmwasm/enclaves/execute/src/registration/ocalls.rs +++ b/cosmwasm/enclaves/execute/src/registration/ocalls.rs @@ -1,6 +1,6 @@ use sgx_types::{ sgx_epid_group_id_t, sgx_quote_nonce_t, sgx_quote_sign_type_t, sgx_report_t, sgx_spid_t, - sgx_status_t, sgx_target_info_t, sgx_ql_qe_report_info_t, sgx_isv_svn_t, sgx_ql_qv_result_t + sgx_status_t, sgx_target_info_t, sgx_ql_qe_report_info_t, sgx_ql_qv_result_t }; extern "C" { diff --git a/cosmwasm/enclaves/execute/src/registration/offchain.rs b/cosmwasm/enclaves/execute/src/registration/offchain.rs index dba4b3893..78954b422 100644 --- a/cosmwasm/enclaves/execute/src/registration/offchain.rs +++ b/cosmwasm/enclaves/execute/src/registration/offchain.rs @@ -387,7 +387,7 @@ unsafe fn ecall_get_attestation_report_dcap( kp: &KeyPair, ) -> Result<(Vec, Vec), sgx_status_t> { - let (vQuote, vColl) = match get_quote_ecdsa(&kp.get_pubkey()) { + let (vec_quote, vec_coll) = match get_quote_ecdsa(&kp.get_pubkey()) { Ok(r) => r, Err(e) => { warn!("Error creating attestation report"); @@ -395,15 +395,15 @@ unsafe fn ecall_get_attestation_report_dcap( } }; - if let Err(status) = write_to_untrusted(&vQuote, ATTESTATION_DCAP_PATH.as_str()) { + if let Err(status) = write_to_untrusted(&vec_quote, ATTESTATION_DCAP_PATH.as_str()) { return Err(status); } - if let Err(status) = write_to_untrusted(&vColl, COLLATERAL_DCAP_PATH.as_str()) { + if let Err(status) = write_to_untrusted(&vec_coll, COLLATERAL_DCAP_PATH.as_str()) { return Err(status); } - return Ok((vQuote, vColl)); + return Ok((vec_quote, vec_coll)); } @@ -439,17 +439,17 @@ pub unsafe extern "C" fn ecall_get_attestation_report( let mut size_dcap_c : u32 = 0; let res_epid = ecall_get_attestation_report_epid(api_key, api_key_len, &kp); - if let Ok(ref vCert) = res_epid { - size_epid = vCert.len() as u32; + if let Ok(ref vec_cert) = res_epid { + size_epid = vec_cert.len() as u32; } let res_dcap = ecall_get_attestation_report_dcap(&kp); - if let Ok((ref vQuote, ref vColl)) = res_dcap { - size_dcap_q = vQuote.len() as u32; - size_dcap_c = vColl.len() as u32; + if let Ok((ref vec_quote, ref vec_coll)) = res_dcap { + size_dcap_q = vec_quote.len() as u32; + size_dcap_c = vec_coll.len() as u32; } - let mut fOut = match File::create(CERT_COMBINED_PATH.as_str()) { + let mut f_out = match File::create(CERT_COMBINED_PATH.as_str()) { Ok(f) => f, Err(e) => { error!("failed to create file {}", e); @@ -457,17 +457,17 @@ pub unsafe extern "C" fn ecall_get_attestation_report( } }; - fOut.write(&(size_epid as u32).to_le_bytes()); - fOut.write(&(size_dcap_q as u32).to_le_bytes()); - fOut.write(&(size_dcap_c as u32).to_le_bytes()); + f_out.write(&(size_epid as u32).to_le_bytes()); + f_out.write(&(size_dcap_q as u32).to_le_bytes()); + f_out.write(&(size_dcap_c as u32).to_le_bytes()); - if let Ok(ref vCert) = res_epid { - fOut.write_all(vCert.as_slice()); + if let Ok(ref vec_cert) = res_epid { + f_out.write_all(vec_cert.as_slice()); } - if let Ok((vQuote, vColl)) = res_dcap { - fOut.write_all(vQuote.as_slice()); - fOut.write_all(vColl.as_slice()); + if let Ok((vec_quote, vec_coll)) = res_dcap { + f_out.write_all(vec_quote.as_slice()); + f_out.write_all(vec_coll.as_slice()); } if (size_epid == 0) && (size_dcap_q == 0) { diff --git a/cosmwasm/enclaves/execute/src/registration/onchain.rs b/cosmwasm/enclaves/execute/src/registration/onchain.rs index 7922a462a..c2f4e4b7a 100644 --- a/cosmwasm/enclaves/execute/src/registration/onchain.rs +++ b/cosmwasm/enclaves/execute/src/registration/onchain.rs @@ -17,10 +17,7 @@ use enclave_utils::{ validate_const_ptr, validate_mut_ptr, }; -use sgx_types::{sgx_report_body_t, sgx_ql_qv_result_t}; - -#[cfg(feature = "SGX_MODE_HW")] -use enclave_crypto::consts::SIGNING_METHOD; +use sgx_types::sgx_ql_qv_result_t; #[cfg(feature = "SGX_MODE_HW")] use enclave_crypto::consts::SigningMethod; @@ -51,40 +48,40 @@ fn get_current_block_time_s() -> i64 } -pub fn SplitCombinedCert( +pub fn split_combined_cert( cert: *const u8, cert_len: u32, ) -> (Vec, Vec, Vec) { - let mut vCert : Vec = Vec::new(); - let mut vQ : Vec = Vec::new(); - let mut vC : Vec = Vec::new(); + let mut vec_cert : Vec = Vec::new(); + let mut vec_quote : Vec = Vec::new(); + let mut vec_coll : Vec = Vec::new(); let n0 = mem::size_of::() as u32 * 3; if cert_len >= n0 { - let pS = cert as *const u32; - let s0 = u32::from_le( unsafe { *pS } ); - let s1 = u32::from_le( unsafe { *(pS.offset(1)) } ); - let s2 = u32::from_le( unsafe { *(pS.offset(2)) } ); + let p_cert = cert as *const u32; + let s0 = u32::from_le( unsafe { *p_cert } ); + let s1 = u32::from_le( unsafe { *(p_cert.offset(1)) } ); + let s2 = u32::from_le( unsafe { *(p_cert.offset(2)) } ); - let sTotal = + let size_total = (n0 as u64) + (s0 as u64) + (s1 as u64) + (s2 as u64); - if sTotal <= cert_len as u64 + if size_total <= cert_len as u64 { - vCert = unsafe { slice::from_raw_parts(cert.offset(n0 as isize), s0 as usize).to_vec() }; - vQ = unsafe { slice::from_raw_parts(cert.offset((n0 + s0) as isize), s1 as usize).to_vec() }; - vC = unsafe { slice::from_raw_parts(cert.offset((n0 + s0 + s1) as isize), s2 as usize).to_vec() }; + vec_cert = unsafe { slice::from_raw_parts(cert.offset(n0 as isize), s0 as usize).to_vec() }; + vec_quote = unsafe { slice::from_raw_parts(cert.offset((n0 + s0) as isize), s1 as usize).to_vec() }; + vec_coll = unsafe { slice::from_raw_parts(cert.offset((n0 + s0 + s1) as isize), s2 as usize).to_vec() }; } } - (vCert, vQ, vC) + (vec_cert, vec_quote, vec_coll) } /// @@ -125,11 +122,11 @@ pub unsafe extern "C" fn ecall_authenticate_new_node( let mut target_public_key: [u8; 32] = [0u8; 32]; - let (vCert, vQ, vC) = SplitCombinedCert(cert, cert_len); + let (vec_cert, vec_quote, vec_coll) = split_combined_cert(cert, cert_len); - if vQ.is_empty() || vC.is_empty() { + if vec_quote.is_empty() || vec_coll.is_empty() { - if vCert.is_empty() { + if vec_cert.is_empty() { warn!("No valid attestation method provided"); return NodeAuthResult::InvalidCert; } @@ -137,26 +134,26 @@ pub unsafe extern "C" fn ecall_authenticate_new_node( trace!("EPID attestation"); //let result = panic::catch_unwind(|| { - // verify certificate, and return the public key in the extra data of the report - let pk = match verify_ra_cert(cert_slice, None, true) { - Ok(retval) => { - retval - } - Err(e) => { - return e; - } - }; + // verify certificate, and return the public key in the extra data of the report + let pk = match verify_ra_cert(cert_slice, None, true) { + Ok(retval) => { + retval + } + Err(e) => { + return e; + } + }; - // just make sure the length isn't wrong for some reason (certificate may be malformed) - if pk.len() != PUBLIC_KEY_SIZE { - warn!( + // just make sure the length isn't wrong for some reason (certificate may be malformed) + if pk.len() != PUBLIC_KEY_SIZE { + warn!( "Got public key from certificate with the wrong size: {:?}", pk.len() ); - return NodeAuthResult::MalformedPublicKey; - } + return NodeAuthResult::MalformedPublicKey; + } - target_public_key.copy_from_slice(&pk); + target_public_key.copy_from_slice(&pk); // NodeAuthResult::Success // not yet actually //}); @@ -176,7 +173,7 @@ pub unsafe extern "C" fn ecall_authenticate_new_node( trace!("Current block time: {}", tm_s); // test self - let report_body = match verify_quote_ecdsa(&vQ, &vC, tm_s) { + let report_body = match verify_quote_ecdsa(&vec_quote, &vec_coll, tm_s) { Ok(r) => { trace!("Remote quote verified ok"); if r.1 != sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK { diff --git a/cosmwasm/packages/sgx-vm/src/attestation.rs b/cosmwasm/packages/sgx-vm/src/attestation.rs index 89b26a805..fca7ead7d 100644 --- a/cosmwasm/packages/sgx-vm/src/attestation.rs +++ b/cosmwasm/packages/sgx-vm/src/attestation.rs @@ -3,7 +3,7 @@ use std::os::unix::io::IntoRawFd; use core::mem; use std::{self, ptr}; -use std::ptr::{null, null_mut}; +use std::ptr::{null_mut}; use std::time::{SystemTime, UNIX_EPOCH}; use log::*; @@ -141,24 +141,24 @@ pub extern "C" fn ocall_get_quote( #[no_mangle] pub extern "C" fn ocall_get_quote_ecdsa_params( - pQeInfo: *mut sgx_target_info_t, - pQuoteSize: *mut u32 + p_qe_info: *mut sgx_target_info_t, + p_quote_size: *mut u32 ) -> sgx_status_t { - let mut ret = unsafe { sgx_qe_get_target_info(pQeInfo) }; + let mut ret = unsafe { sgx_qe_get_target_info(p_qe_info) }; if ret != sgx_quote3_error_t::SGX_QL_SUCCESS { trace!("sgx_qe_get_target_info returned {}", ret); return sgx_status_t::SGX_ERROR_UNEXPECTED; } - ret = unsafe { sgx_qe_get_quote_size(pQuoteSize) }; + ret = unsafe { sgx_qe_get_quote_size(p_quote_size) }; if ret != sgx_quote3_error_t::SGX_QL_SUCCESS { trace!("sgx_qe_get_quote_size returned {}", ret); return sgx_status_t::SGX_ERROR_BUSY; } unsafe { - trace!("*pQuoteSize = {}", *pQuoteSize); + trace!("*pQuoteSize = {}", *p_quote_size); } sgx_status_t::SGX_SUCCESS @@ -166,9 +166,9 @@ pub extern "C" fn ocall_get_quote_ecdsa_params( #[no_mangle] pub extern "C" fn ocall_get_quote_ecdsa( - pReport: *const sgx_report_t, - pQuote: *mut u8, - nQuote: u32, + p_report: *const sgx_report_t, + p_quote: *mut u8, + n_quote: u32, ) -> sgx_status_t { trace!("Entering ocall_get_quote_ecdsa"); @@ -176,18 +176,18 @@ pub extern "C" fn ocall_get_quote_ecdsa( //let mut qe_target_info: sgx_target_info_t; //sgx_qe_get_target_info(&qe_target_info); - let mut nQuoteAct: u32 = 0; - let mut ret = unsafe { sgx_qe_get_quote_size(&mut nQuoteAct) }; + let mut n_quote_act: u32 = 0; + let mut ret = unsafe { sgx_qe_get_quote_size(&mut n_quote_act) }; if ret != sgx_quote3_error_t::SGX_QL_SUCCESS { trace!("sgx_qe_get_quote_size returned {}", ret); return sgx_status_t::SGX_ERROR_UNEXPECTED; } - if nQuoteAct > nQuote { + if n_quote_act > n_quote { return sgx_status_t::SGX_ERROR_UNEXPECTED; } - ret = unsafe { sgx_qe_get_quote(pReport, nQuote, pQuote) }; + ret = unsafe { sgx_qe_get_quote(p_report, n_quote, p_quote) }; if ret != sgx_quote3_error_t::SGX_QL_SUCCESS { trace!("sgx_qe_get_quote returned {}", ret); return sgx_status_t::SGX_ERROR_UNEXPECTED; @@ -207,84 +207,81 @@ pub struct QlQveCollateral { pub qe_identity_size: u32 } -fn sgx_ql_qve_collateral_Serialize( - pCol: *const u8, - nCol: u32, - pRes: *mut u8, - nRes: u32, +fn sgx_ql_qve_collateral_serialize( + p_col: *const u8, + n_col: u32, + p_res: *mut u8, + n_res: u32, ) -> u32 { - if nCol < mem::size_of::() as u32 { + if n_col < mem::size_of::() as u32 { return 0; } unsafe { - let pQlCol = pCol as *const sgx_ql_qve_collateral_t; + let p_ql_col = p_col as *const sgx_ql_qve_collateral_t; let size_extra = - (*pQlCol).pck_crl_issuer_chain_size + - (*pQlCol).root_ca_crl_size + - (*pQlCol).pck_crl_size + - (*pQlCol).tcb_info_issuer_chain_size + - (*pQlCol).tcb_info_size + - (*pQlCol).qe_identity_issuer_chain_size + - (*pQlCol).qe_identity_size + (*p_ql_col).pck_crl_issuer_chain_size + + (*p_ql_col).root_ca_crl_size + + (*p_ql_col).pck_crl_size + + (*p_ql_col).tcb_info_issuer_chain_size + + (*p_ql_col).tcb_info_size + + (*p_ql_col).qe_identity_issuer_chain_size + + (*p_ql_col).qe_identity_size ; - if nCol < mem::size_of::() as u32 + size_extra { + if n_col < mem::size_of::() as u32 + size_extra { return 0; } - let outSize: u32 = mem::size_of::() as u32 + size_extra; + let out_size: u32 = mem::size_of::() as u32 + size_extra; - if nRes >= outSize { + if n_res >= out_size { let x = QlQveCollateral { - tee_type : (*pQlCol).tee_type, - pck_crl_issuer_chain_size : (*pQlCol).pck_crl_issuer_chain_size, - root_ca_crl_size : (*pQlCol).root_ca_crl_size, - pck_crl_size : (*pQlCol).pck_crl_size, - tcb_info_issuer_chain_size : (*pQlCol).tcb_info_issuer_chain_size, - tcb_info_size : (*pQlCol).tcb_info_size, - qe_identity_issuer_chain_size : (*pQlCol).qe_identity_issuer_chain_size, - qe_identity_size : (*pQlCol).qe_identity_size + tee_type : (*p_ql_col).tee_type, + pck_crl_issuer_chain_size : (*p_ql_col).pck_crl_issuer_chain_size, + root_ca_crl_size : (*p_ql_col).root_ca_crl_size, + pck_crl_size : (*p_ql_col).pck_crl_size, + tcb_info_issuer_chain_size : (*p_ql_col).tcb_info_issuer_chain_size, + tcb_info_size : (*p_ql_col).tcb_info_size, + qe_identity_issuer_chain_size : (*p_ql_col).qe_identity_issuer_chain_size, + qe_identity_size : (*p_ql_col).qe_identity_size }; - ptr::copy_nonoverlapping(&x as *const QlQveCollateral as *const u8, pRes, mem::size_of::()); + ptr::copy_nonoverlapping(&x as *const QlQveCollateral as *const u8, p_res, mem::size_of::()); let mut offs = mem::size_of::(); - ptr::copy_nonoverlapping((*pQlCol).pck_crl_issuer_chain as *const u8, pRes.add(offs), x.pck_crl_issuer_chain_size as usize); + ptr::copy_nonoverlapping((*p_ql_col).pck_crl_issuer_chain as *const u8, p_res.add(offs), x.pck_crl_issuer_chain_size as usize); offs += x.pck_crl_issuer_chain_size as usize; - ptr::copy_nonoverlapping((*pQlCol).root_ca_crl as *const u8, pRes.add(offs), x.root_ca_crl_size as usize); + ptr::copy_nonoverlapping((*p_ql_col).root_ca_crl as *const u8, p_res.add(offs), x.root_ca_crl_size as usize); offs += x.root_ca_crl_size as usize; - ptr::copy_nonoverlapping((*pQlCol).pck_crl as *const u8, pRes.add(offs), x.pck_crl_size as usize); + ptr::copy_nonoverlapping((*p_ql_col).pck_crl as *const u8, p_res.add(offs), x.pck_crl_size as usize); offs += x.pck_crl_size as usize; - ptr::copy_nonoverlapping((*pQlCol).tcb_info_issuer_chain as *const u8, pRes.add(offs), x.tcb_info_issuer_chain_size as usize); + ptr::copy_nonoverlapping((*p_ql_col).tcb_info_issuer_chain as *const u8, p_res.add(offs), x.tcb_info_issuer_chain_size as usize); offs += x.tcb_info_issuer_chain_size as usize; - ptr::copy_nonoverlapping((*pQlCol).tcb_info as *const u8, pRes.add(offs), x.tcb_info_size as usize); + ptr::copy_nonoverlapping((*p_ql_col).tcb_info as *const u8, p_res.add(offs), x.tcb_info_size as usize); offs += x.tcb_info_size as usize; - ptr::copy_nonoverlapping((*pQlCol).qe_identity_issuer_chain as *const u8, pRes.add(offs), x.qe_identity_issuer_chain_size as usize); + ptr::copy_nonoverlapping((*p_ql_col).qe_identity_issuer_chain as *const u8, p_res.add(offs), x.qe_identity_issuer_chain_size as usize); offs += x.qe_identity_issuer_chain_size as usize; - ptr::copy_nonoverlapping((*pQlCol).qe_identity as *const u8, pRes.add(offs), x.qe_identity_size as usize); - offs += x.qe_identity_size as usize; + ptr::copy_nonoverlapping((*p_ql_col).qe_identity as *const u8, p_res.add(offs), x.qe_identity_size as usize); } - return outSize; + return out_size; }; - - 0; // unreachable } -fn sgx_ql_qve_collateral_Deserialize( - pSer: *const u8, - nSer: u32, +fn sgx_ql_qve_collateral_deserialize( + p_ser: *const u8, + n_ser: u32, ) -> sgx_ql_qve_collateral_t { let mut res = sgx_ql_qve_collateral_t { @@ -306,54 +303,53 @@ fn sgx_ql_qve_collateral_Deserialize( qe_identity_size: 0 }; - if nSer >= mem::size_of::() as u32 { + if n_ser >= mem::size_of::() as u32 { unsafe { - let pQlCol = pSer as *const QlQveCollateral; + let p_ql_col = p_ser as *const QlQveCollateral; let size_extra = - (*pQlCol).pck_crl_issuer_chain_size + - (*pQlCol).root_ca_crl_size + - (*pQlCol).pck_crl_size + - (*pQlCol).tcb_info_issuer_chain_size + - (*pQlCol).tcb_info_size + - (*pQlCol).qe_identity_issuer_chain_size + - (*pQlCol).qe_identity_size + (*p_ql_col).pck_crl_issuer_chain_size + + (*p_ql_col).root_ca_crl_size + + (*p_ql_col).pck_crl_size + + (*p_ql_col).tcb_info_issuer_chain_size + + (*p_ql_col).tcb_info_size + + (*p_ql_col).qe_identity_issuer_chain_size + + (*p_ql_col).qe_identity_size ; - if nSer >= mem::size_of::() as u32 + size_extra { + if n_ser >= mem::size_of::() as u32 + size_extra { res.version = 1; // PCK Cert chain is in the Quote. - res.tee_type = (*pQlCol).tee_type; - res.pck_crl_issuer_chain_size = (*pQlCol).pck_crl_issuer_chain_size; - res.root_ca_crl_size = (*pQlCol).root_ca_crl_size; - res.pck_crl_size = (*pQlCol).pck_crl_size; - res.tcb_info_issuer_chain_size = (*pQlCol).tcb_info_issuer_chain_size; - res.tcb_info_size = (*pQlCol).tcb_info_size; - res.qe_identity_issuer_chain_size = (*pQlCol).qe_identity_issuer_chain_size; - res.qe_identity_size = (*pQlCol).qe_identity_size; + res.tee_type = (*p_ql_col).tee_type; + res.pck_crl_issuer_chain_size = (*p_ql_col).pck_crl_issuer_chain_size; + res.root_ca_crl_size = (*p_ql_col).root_ca_crl_size; + res.pck_crl_size = (*p_ql_col).pck_crl_size; + res.tcb_info_issuer_chain_size = (*p_ql_col).tcb_info_issuer_chain_size; + res.tcb_info_size = (*p_ql_col).tcb_info_size; + res.qe_identity_issuer_chain_size = (*p_ql_col).qe_identity_issuer_chain_size; + res.qe_identity_size = (*p_ql_col).qe_identity_size; let mut offs = mem::size_of::(); - res.pck_crl_issuer_chain = pSer.add(offs) as *mut i8; + res.pck_crl_issuer_chain = p_ser.add(offs) as *mut i8; offs += res.pck_crl_issuer_chain_size as usize; - res.root_ca_crl = pSer.add(offs) as *mut i8; + res.root_ca_crl = p_ser.add(offs) as *mut i8; offs += res.root_ca_crl_size as usize; - res.pck_crl = pSer.add(offs) as *mut i8; + res.pck_crl = p_ser.add(offs) as *mut i8; offs += res.pck_crl_size as usize; - res.tcb_info_issuer_chain = pSer.add(offs) as *mut i8; + res.tcb_info_issuer_chain = p_ser.add(offs) as *mut i8; offs += res.tcb_info_issuer_chain_size as usize; - res.tcb_info = pSer.add(offs) as *mut i8; + res.tcb_info = p_ser.add(offs) as *mut i8; offs += res.tcb_info_size as usize; - res.qe_identity_issuer_chain = pSer.add(offs) as *mut i8; + res.qe_identity_issuer_chain = p_ser.add(offs) as *mut i8; offs += res.qe_identity_issuer_chain_size as usize; - res.qe_identity = pSer.add(offs) as *mut i8; - offs += res.qe_identity_size as usize; + res.qe_identity = p_ser.add(offs) as *mut i8; } } @@ -366,17 +362,17 @@ fn sgx_ql_qve_collateral_Deserialize( #[no_mangle] pub extern "C" fn ocall_get_quote_ecdsa_collateral( - pQuote: *const u8, - nQuote: u32, - pCol: *mut u8, - nCol: u32, - pColOut: *mut u32 + p_quote: *const u8, + n_quote: u32, + p_col: *mut u8, + n_col: u32, + p_col_size: *mut u32 ) -> sgx_status_t { - let mut pColMy : *mut u8 = 0 as *mut u8; - let mut nColMy : u32 = 0; + let mut p_col_my : *mut u8 = 0 as *mut u8; + let mut n_col_my : u32 = 0; - let ret = unsafe { tee_qv_get_collateral(pQuote, nQuote, &mut pColMy, &mut nColMy) }; + let ret = unsafe { tee_qv_get_collateral(p_quote, n_quote, &mut p_col_my, &mut n_col_my) }; if ret != sgx_quote3_error_t::SGX_QL_SUCCESS { trace!("tee_qv_get_collateral returned {}", ret); @@ -385,9 +381,9 @@ pub extern "C" fn ocall_get_quote_ecdsa_collateral( unsafe { - *pColOut = sgx_ql_qve_collateral_Serialize(pColMy, nColMy, pCol, nCol); + *p_col_size = sgx_ql_qve_collateral_serialize(p_col_my, n_col_my, p_col, n_col); - tee_qv_free_collateral(pColMy); + tee_qv_free_collateral(p_col_my); }; sgx_status_t::SGX_SUCCESS @@ -395,49 +391,49 @@ pub extern "C" fn ocall_get_quote_ecdsa_collateral( #[no_mangle] pub extern "C" fn ocall_verify_quote_ecdsa( - pQuote: *const u8, - nQuote:u32, - pCol: *const u8, - nCol:u32, - pTargetInfo: *const sgx_target_info_t, - nTime: i64, + p_quote: *const u8, + n_quote:u32, + p_col: *const u8, + n_col:u32, + p_target_info: *const sgx_target_info_t, + time_s: i64, p_qve_report_info: *mut sgx_ql_qe_report_info_t, - pSuppData: *mut u8, - nSuppData:u32, - pSuppDataActual: *mut u32, - pTime: *mut i64, - pCollateral_expiration_status: *mut u32, - pQvResult: *mut sgx_ql_qv_result_t, + p_supp_data: *mut u8, + n_supp_data:u32, + p_supp_data_size: *mut u32, + p_time_s: *mut i64, + p_collateral_expiration_status: *mut u32, + p_qv_result: *mut sgx_ql_qv_result_t, ) -> sgx_status_t { - let mut nTimeUse :time_t = nTime; - if nTime == 0 { - nTimeUse = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as time_t; + let mut time_use_s :time_t = time_s; + if time_s == 0 { + time_use_s = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as time_t; } unsafe { sgx_qv_set_enclave_load_policy(sgx_ql_request_policy_t::SGX_QL_PERSISTENT); - sgx_qv_get_quote_supplemental_data_size(pSuppDataActual); + sgx_qv_get_quote_supplemental_data_size(p_supp_data_size); - if *pSuppDataActual > nSuppData { + if *p_supp_data_size > n_supp_data { return sgx_status_t::SGX_ERROR_UNEXPECTED; } - (*p_qve_report_info).app_enclave_target_info = *pTargetInfo; + (*p_qve_report_info).app_enclave_target_info = *p_target_info; - let myCol = sgx_ql_qve_collateral_Deserialize(pCol, nCol); + let my_col = sgx_ql_qve_collateral_deserialize(p_col, n_col); sgx_qv_verify_quote( - pQuote, nQuote, - &myCol, - nTimeUse, - pCollateral_expiration_status, - pQvResult, + p_quote, n_quote, + &my_col, + time_use_s, + p_collateral_expiration_status, + p_qv_result, p_qve_report_info, - *pSuppDataActual, - pSuppData); + *p_supp_data_size, + p_supp_data); - *pTime = nTimeUse; + *p_time_s = time_use_s; }; sgx_status_t::SGX_SUCCESS