Open zhiminghufighting opened 2 years ago
According to the discussion, there are 3 options:

- OPT 1: cherry-pick the necessary SM2/3 source code chunks into the openssl used by rats-tls
- OPT 2: call openssl/babassl high-level APIs for SM2/3
- OPT 3: implement enclavization for babassl
Background: rats-tls needs to support secure and trusted communication between heterogeneous HW-TEE nodes.
[image]
As shown in the picture above: Step 1: enclave-tls-server running in the SGX node generates an ECDSA cert and verifies the CSV cert. Step 2: enclave-tls-client running in the CSV node generates a CSV cert and verifies the SGX ECDSA cert.
Problem: Right now, I have added the CSV verifier libverifier_csv.so and attester libattester_csv.so. The problem is how enclave-tls-server running in the SGX node can verify the CSV cert with libverifier_csv.so while generating the SGX cert. Since all the code runs inside the SGX enclave, how can enclave-tls-server running in the enclave register the CSV verifier and call it to verify the CSV cert?
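The dispatch the question asks about, as an added example that is not rats-tls code: a toy attester/verifier registry in C where a node attests with the plugin for its own TEE type and verifies the peer's evidence with the plugin registered for the peer's type, so an SGX server can present SGX ECDSA evidence while checking CSV evidence. The evidence layout, tags, checksum and key hashes are constructed stand-ins for real SGX quotes and CSV reports; the real libattester/libverifier shared objects and how they are loaded into the enclave are not modelled.

```c
/* Added example, not code from rats-tls. A minimal attester/verifier plugin
 * registry: a node attests with the plugin for its OWN TEE type and verifies
 * the peer's evidence with the plugin registered for the PEER's TEE type.
 * The "evidence" format and checks are constructed stand-ins for quotes/reports. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PLUGINS 8
#define HASH_LEN    32               /* hash of the TLS certificate's public key */

typedef struct {
    char    tee_type[16];            /* "sgx_ecdsa" or "csv" */
    uint8_t tag;                     /* constructed: stands in for the report format id */
    uint8_t pubkey_hash[HASH_LEN];   /* binds the evidence to the peer's TLS key */
    uint8_t checksum;                /* constructed: stands in for the platform signature */
} evidence_t;

typedef struct { const char *name; uint8_t tag; } plugin_t;

static plugin_t attesters[MAX_PLUGINS]; static int n_attesters;
static plugin_t verifiers[MAX_PLUGINS]; static int n_verifiers;

static uint8_t toy_checksum(const evidence_t *ev) {
    uint8_t c = ev->tag;
    for (int i = 0; i < HASH_LEN; i++) c ^= ev->pubkey_hash[i];
    return c;
}

static const plugin_t *find(const plugin_t *list, int n, const char *name) {
    for (int i = 0; i < n; i++) if (strcmp(list[i].name, name) == 0) return &list[i];
    return NULL;
}

/* Registration is idempotent so a library can register on every init call. */
int register_attester(const char *name, uint8_t tag) {
    if (find(attesters, n_attesters, name)) return 0;
    if (n_attesters == MAX_PLUGINS) return -1;
    attesters[n_attesters++] = (plugin_t){ name, tag };
    return 0;
}
int register_verifier(const char *name, uint8_t tag) {
    if (find(verifiers, n_verifiers, name)) return 0;
    if (n_verifiers == MAX_PLUGINS) return -1;
    verifiers[n_verifiers++] = (plugin_t){ name, tag };
    return 0;
}

/* Attester: produce evidence for the local TEE, bound to the local TLS key hash. */
int collect_evidence(const char *local_tee, const uint8_t pubkey_hash[HASH_LEN], evidence_t *ev) {
    const plugin_t *a = find(attesters, n_attesters, local_tee);
    if (!a) return -1;
    memset(ev, 0, sizeof *ev);
    strncpy(ev->tee_type, a->name, sizeof ev->tee_type - 1);
    ev->tag = a->tag;
    memcpy(ev->pubkey_hash, pubkey_hash, HASH_LEN);
    ev->checksum = toy_checksum(ev);
    return 0;
}

/* Verifier dispatch: pick the verifier by the PEER's evidence type. Fail closed
 * when no verifier is registered, when the evidence is malformed/tampered, or
 * when it is not bound to the certificate key the peer actually presented. */
int verify_peer_evidence(const evidence_t *ev, const uint8_t peer_pubkey_hash[HASH_LEN]) {
    const plugin_t *v = find(verifiers, n_verifiers, ev->tee_type);
    if (!v) return -1;                                              /* no verifier for this TEE */
    if (ev->tag != v->tag) return -2;                               /* format mismatch */
    if (ev->checksum != toy_checksum(ev)) return -3;                /* tampered / bad signature */
    if (memcmp(ev->pubkey_hash, peer_pubkey_hash, HASH_LEN)) return -4; /* not bound to peer key */
    return 0;
}

/* Both directions of the handshake in the picture: server and client each
 * attest with their own TEE and verify the other's evidence. */
int mutual_attest(const char *server_tee, const char *client_tee) {
    uint8_t server_key[HASH_LEN], client_key[HASH_LEN];
    memset(server_key, 0xA5, HASH_LEN);   /* constructed key hashes */
    memset(client_key, 0x5A, HASH_LEN);
    evidence_t sev, cev;
    if (collect_evidence(server_tee, server_key, &sev)) return -1;
    if (collect_evidence(client_tee, client_key, &cev)) return -1;
    if (verify_peer_evidence(&cev, client_key)) return -2;  /* Step 1: server checks client */
    if (verify_peer_evidence(&sev, server_key)) return -3;  /* Step 2: client checks server */
    return 0;
}

void register_defaults(void) {
    register_attester("sgx_ecdsa", 0x01); register_verifier("sgx_ecdsa", 0x01);
    register_attester("csv", 0x02);       register_verifier("csv", 0x02);
}

int main(void) {
    register_defaults();
    printf("sgx server <-> csv client: %d\n", mutual_attest("sgx_ecdsa", "csv"));
    printf("sgx server <-> unregistered client: %d\n", mutual_attest("sgx_ecdsa", "tdx"));
    return 0;
}
```

The two properties worth keeping from this toy when wiring real plugins: the verifier is selected from the peer's evidence, never from the local attester, and any evidence type with no registered verifier is rejected rather than skipped; the key-hash check is what ties the attestation to the TLS certificate being negotiated.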