Posted to commits@teaclave.apache.org by ms...@apache.org on 2020/03/09 16:06:52 UTC
[incubator-teaclave] branch develop updated: [attestation]: Fix a
typo and add some doc (#233)
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/develop by this push:
new 489dcb5 [attestation]: Fix a typo and add some doc (#233)
489dcb5 is described below
commit 489dcb57cbf9d04d8d95a2bc7e9480fd1204cbf9
Author: Sammy <li...@baidu.com>
AuthorDate: Tue Mar 10 00:06:39 2020 +0800
[attestation]: Fix a typo and add some doc (#233)
---
attestation/src/attestation.rs | 2 +-
attestation/src/key.rs | 11 +++++++++--
attestation/src/platform.rs | 4 ++--
3 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/attestation/src/attestation.rs b/attestation/src/attestation.rs
index c7ddf07..881c7ab 100644
--- a/attestation/src/attestation.rs
+++ b/attestation/src/attestation.rs
@@ -63,7 +63,7 @@ impl RemoteAttestation {
impl AttestedTlsConfig {
fn new(attestation_config: &AttestationConfig) -> Result<AttestedTlsConfig> {
- let key_pair = key::Secp256k1KeyPair::new()?;
+ let key_pair = key::NistP256KeyPair::new()?;
let report = match attestation_config {
AttestationConfig::NoAttestation => EndorsedAttestationReport::default(),
AttestationConfig::WithAttestation(config) => {
diff --git a/attestation/src/key.rs b/attestation/src/key.rs
index 8696fba..ebf99c5 100644
--- a/attestation/src/key.rs
+++ b/attestation/src/key.rs
@@ -22,12 +22,14 @@ use std::prelude::v1::*;
pub const CERT_VALID_DAYS: i64 = 90i64;
-pub struct Secp256k1KeyPair {
+/// NistP256KeyPair stores a pair of ECDSA (private, public) key based on the NIST P-256 curve
+/// (a.k.a secp256r1).
+pub struct NistP256KeyPair {
prv_k: sgx_ec256_private_t,
pub pub_k: sgx_ec256_public_t,
}
-impl Secp256k1KeyPair {
+impl NistP256KeyPair {
pub fn new() -> Result<Self> {
let ecc_handle = SgxEccHandle::new();
ecc_handle.open()?;
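Review bot: The new doc comment on `NistP256KeyPair` names the curve but not the role the key plays, which is what a reader auditing the attestation path needs to know. The test hunk in platform.rs passes `key_pair.pub_k` to `create_sgx_isv_enclave_report`, so the public half appears to be bound into the enclave report. The comment could add something like `/// The public key is placed in the SGX report so a verifier can tie this key to the attested enclave; the private key is not exposed outside this type.` once that reading is confirmed. The `impl` block continues outside the hunk, so whether `prv_k` is cleared when the pair is dropped is not visible here. If it is not, that is worth a follow-up.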
@@ -70,6 +72,11 @@ impl Secp256k1KeyPair {
})
}
+ /// create_cert_with_extension makes a self-signed x509-v3 cert with SGX attestation report as
+ /// extensions.
+ /// @reference [Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile][1]
+ ///
+ /// [1]: https://tools.ietf.org/pdf/rfc5280.pdf
pub fn create_cert_with_extension(
&self,
issuer: &str,
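Review bot: The doc comment added above `create_cert_with_extension` uses a Javadoc-style `@reference` tag, which rustdoc prints as literal text, and it does not say what a caller or verifier may rely on. Because the certificate is self-signed, its signature and the `issuer` string carry no trust on their own. A relying party has to validate the attestation report in the extension and check that the report covers this certificate's public key. I would replace the tag line with `/// See [RFC 5280](https://tools.ietf.org/html/rfc5280) for the certificate profile.` and add one sentence stating that trust comes only from the embedded report. The signature runs past the end of the hunk, so the remaining parameters and return type are not visible here and should be documented too.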
diff --git a/attestation/src/platform.rs b/attestation/src/platform.rs
index 08449f8..2bac1ec 100644
--- a/attestation/src/platform.rs
+++ b/attestation/src/platform.rs
@@ -149,14 +149,14 @@ pub mod tests {
fn test_create_sgx_isv_enclave_report() {
let (_ak_id, qe_target_info) = init_sgx_quote().unwrap();
- let key_pair = key::Secp256k1KeyPair::new().unwrap();
+ let key_pair = key::NistP256KeyPair::new().unwrap();
let sgx_report_result = create_sgx_isv_enclave_report(key_pair.pub_k, qe_target_info);
assert!(sgx_report_result.is_ok());
}
fn test_get_sgx_quote() {
let (ak_id, qe_target_info) = init_sgx_quote().unwrap();
- let key_pair = key::Secp256k1KeyPair::new().unwrap();
+ let key_pair = key::NistP256KeyPair::new().unwrap();
let sgx_report = create_sgx_isv_enclave_report(key_pair.pub_k, qe_target_info).unwrap();
let quote_result = get_sgx_quote(&ak_id, sgx_report);
assert!(quote_result.is_ok());