Skip to content

I
inclavare-containers

openanolis / inclavare-containers

通知 4
Star 7
Fork 0
I
inclavare-containers
切换分支/标签
查找文件 普通视图历史永久链接Permalink
gen-quote.go 2.2 KB
Newer Older
Y
runectl && sgx-tools: rename runectl as sgx-tools.  
YiLin.Li 已提交
1 
package main // import "github.com/inclavare-containers/sgx-tools"
jia zhang's avatar
rune && runectl: Support to retrieve enclave quote from aesm service  
jia zhang 已提交
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 

import (
	"fmt"
	"github.com/opencontainers/runc/libenclave/intelsgx"
	"github.com/sirupsen/logrus"
	"github.com/urfave/cli"
	"io"
	"io/ioutil"
	"os"
)

var generateQuoteCommand = cli.Command{
	Name:  "gen-quote",
	Usage: "retrieve a quote from aesmd",
	ArgsUsage: `[command options]

EXAMPLE:
For example, generate the quote file according to the given local report file:
Y
runectl && sgx-tools: rename runectl as sgx-tools.  
YiLin.Li 已提交
21 
	# sgx-tools gen-quote --report foo.rep`,
jia zhang's avatar
rune && runectl: Support to retrieve enclave quote from aesm service  
jia zhang 已提交
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "report",
			Usage: "path to the input report file containing REPORT",
		},
		cli.StringFlag{
			Name:  "quote",
			Usage: "path to the output quote file containing QUOTE",
		},
		cli.StringFlag{
			Name:  "spid",
			Usage: "spid",
		},
		cli.BoolFlag{
			Name:  "linkable",
Y
rune: add attest command to support to remote attestation.  
YiLin.Li 已提交
37 
			Usage: "specify the EPID signatures policy type",
jia zhang's avatar
rune && runectl: Support to retrieve enclave quote from aesm service  
jia zhang 已提交
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 
		},
	},
	Action: func(context *cli.Context) error {
		reportPath := context.String("report")
		if reportPath == "" {
			return fmt.Errorf("report argument cannot be empty")
		}

		spid := context.String("spid")
		if spid == "" {
			return fmt.Errorf("spid argument cannot be empty")
		}

		if context.GlobalBool("verbose") {
			logrus.SetLevel(logrus.DebugLevel)
		}

		quotePath := context.String("quote")
		if quotePath == "" {
			quotePath = "quote.bin"
		}

		rf, err := os.Open(reportPath)
		if err != nil {
			if os.IsNotExist(err) {
				return fmt.Errorf("report file %s not found", reportPath)
			}
			return err
		}
		defer rf.Close()

		var rfi os.FileInfo
		rfi, err = rf.Stat()
		if err != nil {
			return err
		}

		if rfi.Size() != intelsgx.ReportLength {
			return fmt.Errorf("report file %s not match REPORT", reportPath)
		}

		buf := make([]byte, intelsgx.ReportLength)
		if _, err = io.ReadFull(rf, buf); err != nil {
			return fmt.Errorf("report file %s read failed", reportPath)
		}

		linkable := false
		if context.Bool("linkable") {
			linkable = true
		}

		quote, err := intelsgx.GetQuote(buf, spid, linkable)
		if err != nil {
			return err
		}

		if err := ioutil.WriteFile(quotePath, quote, 0664); err != nil {
			return err
		}

		logrus.Infof("target enclave's quote file %s saved", quotePath)

		return nil
	},
	SkipArgReorder: true,
}