librats_verify_evidence: fix evidence verification in sgx mode

Signed-off-by: Kun Lai <me@imlk.top>
inclavare-containers · Aug 29, 2023 · da65c6e · da65c6e
1 parent 2615dc7
commit da65c6e
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 12 deletions.
diff --git a/api/librats_verify_attestation_certificate.c b/api/librats_verify_attestation_certificate.c
@@ -36,7 +36,7 @@ rats_verifier_err_t librats_verify_attestation_certificate(
 		rats_global_log_level = conf.log_level;
 	}
 
-	if ((ret = rats_verifier_init(&conf, &ctx)) != RATS_VERIFIER_ERR_NONE)
+	if ((ret = rats_verifier_init(&conf, &ctx, NULL)) != RATS_VERIFIER_ERR_NONE)
 		goto err;
 	verifier_initialized = true;
 	if ((crypto_ret = rats_crypto_wrapper_init(&conf, &ctx)) != CRYPTO_WRAPPER_ERR_NONE) {

diff --git a/api/librats_verify_evidence.c b/api/librats_verify_evidence.c
@@ -18,9 +18,8 @@ rats_verifier_err_t librats_verify_evidence(attestation_evidence_t *evidence, co
 	rats_conf_t conf;
 
 	conf.api_version = RATS_API_VERSION_DEFAULT;
-	memcpy(conf.verifier_type, evidence->type, sizeof(conf.verifier_type));
 
-	if (rats_verifier_init(&conf, &ctx) != RATS_VERIFIER_ERR_NONE)
+	if (rats_verifier_init(&conf, &ctx, evidence) != RATS_VERIFIER_ERR_NONE)
 		return RATS_VERIFIER_ERR_INIT;
 
 	rats_verifier_err_t err = ctx.verifier->opts->verify_evidence(

diff --git a/core/rats_init.c b/core/rats_init.c
@@ -122,7 +122,8 @@ rats_attester_err_t rats_attester_init(rats_conf_t *conf, rats_core_context_t *c
 	return err;
 }
 
-rats_verifier_err_t rats_verifier_init(rats_conf_t *conf, rats_core_context_t *ctx)
+rats_verifier_err_t rats_verifier_init(rats_conf_t *conf, rats_core_context_t *ctx,
+				       attestation_evidence_t *evidence)
 {
 	RATS_DEBUG("called, conf %p\n", conf);
 
@@ -154,14 +155,18 @@ rats_verifier_err_t rats_verifier_init(rats_conf_t *conf, rats_core_context_t *c
 		qsort(rats_verifiers_ctx, rats_verifier_nums, sizeof(rats_verifier_ctx_t *),
 		      rats_verifier_cmp);
 	}
-	/* Select the target verifier to be used */
-	choice = ctx->config.verifier_type;
-	if (choice[0] == '\0') {
-		choice = rats_global_core_context.config.verifier_type;
-		if (choice[0] == '\0')
-			choice = NULL;
+	if (evidence) {
+		err = rats_verifier_select_by_type(ctx, evidence->type);
+	} else {
+		/* Select the target verifier to be used */
+		choice = ctx->config.verifier_type;
+		if (choice[0] == '\0') {
+			choice = rats_global_core_context.config.verifier_type;
+			if (choice[0] == '\0')
+				choice = NULL;
+		}
+		err = rats_verifier_select(ctx, choice);
 	}
-	err = rats_verifier_select(ctx, choice);
 	if (err != RATS_VERIFIER_ERR_NONE)
 		goto err_ctx;
 

diff --git a/include/librats/verifier.h b/include/librats/verifier.h
@@ -30,7 +30,8 @@
 typedef struct rats_core_context rats_core_context_t;
 typedef struct rats_verifier_ctx rats_verifier_ctx_t;
 
-extern rats_verifier_err_t rats_verifier_init(rats_conf_t *conf, rats_core_context_t *ctx);
+extern rats_verifier_err_t rats_verifier_init(rats_conf_t *conf, rats_core_context_t *ctx,
+					      attestation_evidence_t *evidence);
 
 typedef struct rats_verifier_opts {
 	uint8_t api_version;