More robust SPID checking inside the enclave and cosmetic updates

The enclave only performs length check on the SPID, but it does not check the hex format. Previously this was performed on shell variables. This makes the enclave check more robust. Finally, additional naming updates are pushed to align with current conventions. Signed-off-by: Bruno Vavala <[email protected]>
hyperledger-labs · Apr 9, 2024 · f34f9a0 · f34f9a0
1 parent dc66961
commit f34f9a0
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 3 deletions.
diff --git a/eservice/pdo/eservice/enclave/enclave/enclave.cpp b/eservice/pdo/eservice/enclave/enclave/enclave.cpp
@@ -22,6 +22,7 @@
 #include <stdexcept>
 #include <unistd.h>
 #include <pthread.h>
+#include <algorithm>
 
 #include <sgx_uae_epid.h>
 #include "sgx_support.h"
@@ -327,10 +328,16 @@ namespace pdo {
             const HexEncodedString& inSpid
             )
         {
+            // check SPID length
             pdo::error::ThrowIf<pdo::error::ValueError>(
                 inSpid.length() != 32,
                 "Invalid SPID length");
 
+            // check SPID format
+            pdo::error::ThrowIf<pdo::error::ValueError>(
+                ! std::all_of(inSpid.begin(), inSpid.end(), ::isxdigit),
+                "Invalid SPID format");
+
             HexStringToBinary(this->spid.id, sizeof(this->spid.id), inSpid);
         } // Enclave::SetSpid
 

diff --git a/eservice/pdo/eservice/enclave/enclave_info.cpp b/eservice/pdo/eservice/enclave/enclave_info.cpp
@@ -35,7 +35,7 @@ bool is_sgx_simulator()
 pdo_enclave_info::pdo_enclave_info(
     const std::string& enclaveModulePath,
     const std::string& spid,
-    const int num_of_enclaves
+    const int numberOfEnclaves
     )
 {
     SAFE_LOG1(PDO_LOG_INFO, "Initializing SGX PDO enclave");
@@ -44,7 +44,7 @@ pdo_enclave_info::pdo_enclave_info(
 
     pdo_err_t ret = pdo::enclave_api::base::Initialize(enclaveModulePath,
                                                        spid,
-                                                       num_of_enclaves);
+                                                       numberOfEnclaves);
     ThrowPDOError(ret);
     SAFE_LOG1(PDO_LOG_INFO, "SGX PDO enclave initialized.");
 

diff --git a/eservice/pdo/eservice/enclave/enclave_info.h b/eservice/pdo/eservice/enclave/enclave_info.h
@@ -26,7 +26,7 @@ class pdo_enclave_info
     pdo_enclave_info(
         const std::string& enclaveModulePath,
         const std::string& spid,
-        const int num_of_enclaves
+        const int numberOfEnclaves
         );
     virtual ~pdo_enclave_info();
     std::string get_epid_group();

diff --git a/pservice/pdo/pservice/enclave/enclave/enclave.cpp b/pservice/pdo/pservice/enclave/enclave/enclave.cpp
@@ -21,6 +21,7 @@
 #include <sstream>
 #include <stdexcept>
 #include <unistd.h>
+#include <algorithm>
 
 #include <sgx_uae_epid.h>
 #include "sgx_support.h"
@@ -250,10 +251,16 @@ namespace pdo {
             const HexEncodedString& inSpid
             )
         {
+            // check SPID length
             pdo::error::ThrowIf<pdo::error::ValueError>(
                 inSpid.length() != 32,
                 "Invalid SPID length");
 
+            // check SPID format
+            pdo::error::ThrowIf<pdo::error::ValueError>(
+                ! std::all_of(inSpid.begin(), inSpid.end(), ::isxdigit),
+                "Invalid SPID format");
+
             HexStringToBinary(this->spid.id, sizeof(this->spid.id), inSpid);
         } // Enclave::SetSpid