diff --git a/common/crypto/attestation-api/common/CMakeLists.txt b/common/crypto/attestation-api/common/CMakeLists.txt
index 0429b010..d1552fed 100644
--- a/common/crypto/attestation-api/common/CMakeLists.txt
+++ b/common/crypto/attestation-api/common/CMakeLists.txt
@@ -9,14 +9,14 @@ SET(JWT_PATCHED_FILEPATH ${CMAKE_CURRENT_SOURCE_DIR}/${JWT_PATCHED_FILENAME} PAR
 ADD_CUSTOM_COMMAND(
 OUTPUT ${JWT_PATCHED_FILENAME}
 COMMAND [ ! -f ${JWT_PATCHED_FILENAME} ] && cd jwt-cpp && patch -f -p1 < ../jwt-cpp.patch && touch ../${JWT_PATCHED_FILENAME} || true
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
- )
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+ )
 ADD_CUSTOM_TARGET(patch_jwt DEPENDS ${JWT_PATCHED_FILENAME})
 # TODO: devise better strategy for clean up; usually the build folder is removed so the clean is not called
 ADD_CUSTOM_TARGET(clean_patch_jwt
 COMMAND [ -f ${JWT_PATCHED_FILENAME} ] && cd jwt-cpp && patch -f -p1 -R < ../jwt-cpp.patch && rm ../${JWT_PATCHED_FILENAME}
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
- )
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
+ )
diff --git a/common/crypto/attestation-api/common/Makefile b/common/crypto/attestation-api/common/Makefile
deleted file mode 100644
index f43bcfce..00000000
--- a/common/crypto/attestation-api/common/Makefile
+++ /dev/null
@@ -1,15 +0,0 @@
-# Copyright 2023 Intel Corporation
-#
-# SPDX-License-Identifier: Apache-2.0
-
-.jwt-cpp-patched:
- cd jwt-cpp && git apply ../jwt-cpp.patch && touch ../.jwt-cpp-patched
-
-all build test: .jwt-cpp-patched
-
-clean:
- if [ -f .jwt-cpp-patched ]; then \
- cd jwt-cpp && git apply --reverse ../jwt-cpp.patch && rm ../.jwt-cpp-patched ;\
- fi
-
-
diff --git a/common/crypto/attestation-api/common/_yeslogging/Makefile b/common/crypto/attestation-api/common/_yeslogging/Makefile
deleted file mode 100644
index 7e07d612..00000000
--- a/common/crypto/attestation-api/common/_yeslogging/Makefile
+++ /dev/null
@@ -1,22 +0,0 @@
-# Copyright 2020 Intel Corporation
-#
-# SPDX-License-Identifier: Apache-2.0
-
-TOP = ../..
-#include $(TOP)/build.mk
-
-BUILD_DIR := build
-
-build:
- @if [ ! -d $(BUILD_DIR) ]; then \
- mkdir -p $(BUILD_DIR) && \
- cd $(BUILD_DIR) && \
- cmake ./.. ; \
- fi
- $(MAKE) --directory=$(BUILD_DIR)
-
-test: build
- $(MAKE) -C $(BUILD_DIR) test
-
-clean:
- rm -rf $(BUILD_DIR)
diff --git a/common/crypto/attestation-api/evidence/verify-dcap-direct-evidence.cpp b/common/crypto/attestation-api/evidence/verify-dcap-direct-evidence.cpp
index 59a6086e..bacb6a2d 100644
--- a/common/crypto/attestation-api/evidence/verify-dcap-direct-evidence.cpp
+++ b/common/crypto/attestation-api/evidence/verify-dcap-direct-evidence.cpp
@@ -56,9 +56,6 @@ void deserialize_collateral(uint8_t* p)
 bool verify_dcap_direct_evidence(ByteArray& evidence, ByteArray& expected_statement, ByteArray& expected_code_id)
 {
 ByteArray quote;
- ByteArray certification_data;
- uint32_t certification_data_size;
- uint16_t certification_data_type;
 ByteArray collateral;
 time_t untrusted_time;
 bool b;
@@ -73,7 +70,7 @@ bool verify_dcap_direct_evidence(ByteArray& evidence, ByteArray& expected_statem
 CATCH(b, root = json::parse(evidence_str));
 COND2LOGERR(!b, "bad dcap evidence json");
- //get attestation
+ //get attestation/quote
 std::string b64attestation_str;
 std::string attestation_str;
 CATCH(b, b64attestation_str = root[ATTESTATION_TAG].template get());
@@ -114,6 +111,10 @@ bool verify_dcap_direct_evidence(ByteArray& evidence, ByteArray& expected_statem
 //verify quote
 {
+ ByteArray certification_data;
+ uint32_t certification_data_size;
+ uint16_t certification_data_type;
+
 qvl_status = sgxAttestationGetQECertificationDataSize(quote.data(), quote.size(), &certification_data_size);
 COND2LOGERR(qvl_status != STATUS_OK, "error certification data size: %x", qvl_status);
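Review bot: The locals moved into the `//verify quote` block in the last hunk are still declared without initializers, and `certification_data_type` is not assigned anywhere in the visible lines; `certification_data_size` is only written through the out-parameter of `sgxAttestationGetQECertificationDataSize`. Since the quote is taken from the evidence JSON handed to this function, I would give them defined values at declaration, `uint32_t certification_data_size = 0;` and `uint16_t certification_data_type = 0;`, so that no path can size or interpret a buffer from stack garbage. The block continues past the end of the hunk, so how the size is used afterwards is not visible here; if it sizes `certification_data`, a sanity bound against `quote.size()` before allocating would be worth confirming.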