Update attestation verification with additional quote statuses (#610)
* fix cpp linter string
* update attestation API with newer report verification capability
* update pdo with new crypto lib

Signed-off-by: Bruno Vavala <[email protected]>
bvavala authored Aug 6, 2021
1 parent f9c5a88 commit 7c2a146
Showing 4 changed files with 8 additions and 5 deletions.
1 change: 1 addition & 0 deletions common/crypto/CMakeLists.txt
Expand Up @@ -23,6 +23,7 @@ FILE(GLOB PROJECT_SOURCES
"pdo-crypto-c-wrapper.cpp"
"$ENV{FPC_PATH}/common/base64/base64.cpp"
"$ENV{FPC_PATH}/common/json/parson.c"
"$ENV{FPC_PATH}/common/utils.c" #for append_string in parson
"attestation-api/evidence/*.cpp"
)

8 changes: 5 additions & 3 deletions common/crypto/attestation-api/evidence/verify-evidence.cpp
Expand Up @@ -150,9 +150,11 @@ bool verify_ias_evidence(

{
// verify report status
const int group_out_of_date_ok = 1;
COND2LOGERR(VERIFY_SUCCESS != verify_enclave_quote_status(ias_report.c_str(),
ias_report.length(), group_out_of_date_ok),
const unsigned int flags = QSF_ACCEPT_GROUP_OUT_OF_DATE | QSF_ACCEPT_CONFIGURATION_NEEDED |
QSF_ACCEPT_SW_HARDENING_NEEDED |
QSF_ACCEPT_CONFIGURATION_AND_SW_HARDENING_NEEDED;
COND2LOGERR(VERIFY_SUCCESS !=
verify_enclave_quote_status(ias_report.c_str(), ias_report.length(), flags),
"invalid quote status");
}
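Review bot: The accepted-status mask declared at `const unsigned int flags = QSF_ACCEPT_GROUP_OUT_OF_DATE | ...` is hard-coded inside verify_ias_evidence and lets four non-OK IAS quote statuses pass, with no comment saying why each one is acceptable and no visible way for a relying party to tighten the policy. The flag names indicate a platform that is behind on TCB level, configuration or software hardening, so accepting them is a trust decision that should be explicit rather than implied by a local constant. I would add a comment above the declaration along the lines of `// attestation policy: these non-OK statuses are tolerated because <reason>; restrict the mask for production deployments`, and, if the surrounding code allows it, take the mask from a build-time or runtime setting. It would also help to log which status was actually accepted, since the only message on this path is "invalid quote status" on rejection. The body of verify_ias_evidence begins and continues outside the hunk, so any handling elsewhere in the function is not visible here.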

2 changes: 1 addition & 1 deletion common/crypto/pdo
Submodule pdo updated 73 files
+2 −1 .clang-format
+1 −1 common/crypto/CMakeLists.txt
+92 −38 common/crypto/verify_ias_report/verify-report.cpp
+33 −9 common/crypto/verify_ias_report/verify-report.h
+428 −165 common/tests/crypto/testCrypto.cpp
+0 −1 contracts/wawaka/CMakeLists.txt
+66 −77 contracts/wawaka/common/Cryptography.cpp
+33 −33 contracts/wawaka/common/Cryptography.h
+5 −14 contracts/wawaka/common/Environment.cpp
+9 −7 contracts/wawaka/common/Environment.h
+24 −28 contracts/wawaka/common/KeyValue.cpp
+54 −11 contracts/wawaka/common/KeyValue.h
+4 −0 contracts/wawaka/common/Response.h
+0 −215 contracts/wawaka/common/StringArray.cpp
+0 −50 contracts/wawaka/common/StringArray.h
+51 −0 contracts/wawaka/common/Types.cpp
+65 −0 contracts/wawaka/common/Types.h
+6 −12 contracts/wawaka/common/Util.cpp
+6 −6 contracts/wawaka/common/Util.h
+91 −7 contracts/wawaka/common/Value.cpp
+16 −10 contracts/wawaka/common/Value.h
+2 −1 contracts/wawaka/contract-build.cmake
+0 −22 contracts/wawaka/exchange/CMakeLists.txt
+0 −212 contracts/wawaka/exchange/contracts/asset_type.cpp
+0 −121 contracts/wawaka/exchange/contracts/common/Asset.cpp
+0 −68 contracts/wawaka/exchange/contracts/common/Asset.h
+0 −135 contracts/wawaka/exchange/contracts/common/AuthoritativeAsset.cpp
+0 −61 contracts/wawaka/exchange/contracts/common/AuthoritativeAsset.h
+0 −31 contracts/wawaka/exchange/contracts/common/Common.h
+0 −127 contracts/wawaka/exchange/contracts/common/EscrowClaim.cpp
+0 −63 contracts/wawaka/exchange/contracts/common/EscrowClaim.h
+0 −158 contracts/wawaka/exchange/contracts/common/IssuerAuthority.cpp
+0 −73 contracts/wawaka/exchange/contracts/common/IssuerAuthority.h
+0 −138 contracts/wawaka/exchange/contracts/common/IssuerAuthorityChain.cpp
+0 −58 contracts/wawaka/exchange/contracts/common/IssuerAuthorityChain.h
+0 −165 contracts/wawaka/exchange/contracts/common/LedgerEntry.cpp
+0 −64 contracts/wawaka/exchange/contracts/common/LedgerEntry.h
+0 −104 contracts/wawaka/exchange/contracts/common/LedgerStore.cpp
+0 −41 contracts/wawaka/exchange/contracts/common/LedgerStore.h
+0 −66 contracts/wawaka/exchange/contracts/common/StateReference.cpp
+0 −52 contracts/wawaka/exchange/contracts/common/StateReference.h
+0 −160 contracts/wawaka/exchange/contracts/exchange_base.cpp
+0 −58 contracts/wawaka/exchange/contracts/exchange_base.h
+0 −535 contracts/wawaka/exchange/contracts/issuer.cpp
+0 −330 contracts/wawaka/exchange/contracts/issuer_authority_base.cpp
+0 −49 contracts/wawaka/exchange/contracts/issuer_authority_base.h
+0 −127 contracts/wawaka/exchange/contracts/vetting_organization.cpp
+0 −97 contracts/wawaka/exchange/doc/asset_type.json
+0 −330 contracts/wawaka/exchange/doc/auction.json
+0 −272 contracts/wawaka/exchange/doc/basetypes.json
+0 −183 contracts/wawaka/exchange/doc/exchange.json
+0 −295 contracts/wawaka/exchange/doc/issuer.json
+0 −113 contracts/wawaka/exchange/doc/vetting_organization.json
+0 −105 contracts/wawaka/exchange/plugins/asset_type.py
+0 −258 contracts/wawaka/exchange/plugins/issuer.py
+0 −139 contracts/wawaka/exchange/plugins/vetting.py
+0 −111 contracts/wawaka/exchange/scripts/README.md
+0 −39 contracts/wawaka/exchange/scripts/approve_issuer.psh
+0 −28 contracts/wawaka/exchange/scripts/create_eservice_db.psh
+0 −35 contracts/wawaka/exchange/scripts/create_issuer.psh
+0 −33 contracts/wawaka/exchange/scripts/create_type.psh
+0 −34 contracts/wawaka/exchange/scripts/create_vetting.psh
+0 −235 contracts/wawaka/exchange/scripts/functional_test.psh
+0 −28 contracts/wawaka/exchange/scripts/init.psh
+0 −44 contracts/wawaka/exchange/scripts/initialize_issuer.psh
+0 −45 contracts/wawaka/exchange/scripts/issue.psh
+0 −59 contracts/wawaka/exchange/scripts/run-tests.sh
+0 −74 contracts/wawaka/exchange/scripts/setup.sh
+12 −12 contracts/wawaka/interface-test/interface-test.cpp
+43 −46 contracts/wawaka/interpreter-test/interpreter-test.cpp
+14 −23 contracts/wawaka/memory-test/memory-test.cpp
+6 −7 contracts/wawaka/mock-contract/mock-contract.cpp
+2 −2 pservice/lib/libpdo_enclave/secret_enclave.cpp
2 changes: 1 addition & 1 deletion scripts/cpplinter.sh
Expand Up @@ -48,7 +48,7 @@ done
#if check fails, provide instructions for fixing the format
if [[ $RET != 0 ]]
then
echo "Format check failed. Run '$0 DO_FORMAT' to fix the format."
echo "Format check failed. Run '$0 <top folder> DO_FORMAT' to fix the format."
fi

exit $RET
