fix: enable clearing the sgx_mrsigner and sgx_mrenclave field

Add the ability to clear the `sgx_mrsigner` and `sgx_mrenclave` fields.

Otherwise we cannot switch from `sgx_mrenclave`-based to `sgx_mrsigner`-based
authentication.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
Harald Hoyer 2024-02-27 11:55:56 +01:00
parent 0f9a672c99
commit 94c86df4d5
Signed by: harald
GPG key ID: F519A1143B3FBE32


@ -249,21 +249,25 @@ func (b *backend) pathTeeWrite(ctx context.Context, req *logical.Request, d *fra
}
func handleSGXConfig(d *framework.FieldData, tee *TeeEntry) (*logical.Response, error) {
if sgxMrsignerRaw, ok := d.GetOk("sgx_mrsigner"); ok && sgxMrsignerRaw.(string) != "" {
if sgxMrsignerRaw, ok := d.GetOk("sgx_mrsigner"); ok {
tee.SgxMrsigner = strings.ToLower(sgxMrsignerRaw.(string))
if tee.SgxMrsigner != "" {
b, err := hex.DecodeString(tee.SgxMrsigner)
if err != nil || len(b) != 32 {
return logical.ErrorResponse("`sgx_mrsigner` must be 32 byte hex encoded"), nil
}
}
}
if sgxMrenclaveRaw, ok := d.GetOk("sgx_mrenclave"); ok && sgxMrenclaveRaw.(string) != "" {
if sgxMrenclaveRaw, ok := d.GetOk("sgx_mrenclave"); ok {
tee.SgxMrenclave = strings.ToLower(sgxMrenclaveRaw.(string))
if tee.SgxMrenclave != "" {
b, err := hex.DecodeString(tee.SgxMrenclave)
if err != nil || len(b) != 32 {
return logical.ErrorResponse("`sgx_mrenclave` must be 32 byte hex encoded"), nil
}
}
}
if tee.SgxMrsigner == "" && tee.SgxMrenclave == "" {
return logical.ErrorResponse("either `sgx_mrsigner` or `sgx_mrenclave` must be set"), nil