diff --git a/rune/libenclave/agent.go b/rune/libenclave/agent.go index cd2f42e5e5b867214d76997dcf042e7e7efa7294..27ec6d480d6846e83700846acec5eb6c1928e915 100644 --- a/rune/libenclave/agent.go +++ b/rune/libenclave/agent.go @@ -159,9 +159,9 @@ func handleRequest(conn net.Conn, id int) { defer connFile.Close() if req.Attest != nil { - logrus.Infof("In function handleRequest: get a attest request") + logrus.Infof("In function handleRequest: get an attest request") resp.Attest = &pb.AgentServiceResponse_Attest{} - err = enclaveRuntime.LaunchAttestation(req.Attest.Spid, + _, err := enclaveRuntime.LaunchAttestation(req.Attest.Spid, req.Attest.SubscriptionKey, req.Attest.Product, req.Attest.QuoteType) diff --git a/rune/libenclave/internal/runtime/core/core.go b/rune/libenclave/internal/runtime/core/core.go index 2fc2256503d1983c77efab0be717625b496c9e04..2982aac8f508e92d76be7dc1cc048eeb07474eef 100644 --- a/rune/libenclave/internal/runtime/core/core.go +++ b/rune/libenclave/internal/runtime/core/core.go @@ -25,8 +25,8 @@ func (pal *enclaveRuntimeCore) Init(args string, logLevel string) (err error) { return fmt.Errorf("enclave runtime core Init() unimplemented") } -func (pal *enclaveRuntimeCore) Attest(string, string, uint32, uint32) (err error) { - return fmt.Errorf("enclave runtime core Attest() unimplemented") +func (pal *enclaveRuntimeCore) Attest(string, string, uint32, uint32) (map[string]string, error) { + return nil, fmt.Errorf("enclave runtime core Attest() unimplemented") } func (pal *enclaveRuntimeCore) Exec(cmd []string, envp []string, stdio [3]*os.File) (int32, error) { diff --git a/rune/libenclave/internal/runtime/enclave_runtime.go b/rune/libenclave/internal/runtime/enclave_runtime.go index c9ba41744f04665e7527d7dd71d2ce4b01d2394c..dbd4d4b4bd3e9478c49264afd88feb3f3c98cc16 100644 --- a/rune/libenclave/internal/runtime/enclave_runtime.go +++ b/rune/libenclave/internal/runtime/enclave_runtime.go 
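Review bot: The new `_, err := enclaveRuntime.LaunchAttestation(req.Attest.Spid,` declares a fresh `err` scoped to the `if req.Attest != nil` block, whereas the line it replaces assigned the outer `err`; any check of `err` after that block now reads the outer, untouched variable, and go vet's shadow analyzer will flag it. If the outer variable is what the rest of handleRequest inspects, keep the assignment form, `_, err = enclaveRuntime.LaunchAttestation(req.Attest.Spid,`. The IAS report the call now returns is also discarded with `_`, so the agent's response carries no attestation evidence even though the runtime just produced it; if the requesting client is meant to consume it, forward it through `resp.Attest` instead of dropping it. handleRequest starts and ends outside this hunk, so where `err` is consumed afterwards is not visible.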
@@ -12,7 +12,7 @@ import ( type EnclaveRuntime interface { Init(args string, logLevel string) error - Attest(string, string, uint32, uint32) error + Attest(string, string, uint32, uint32) (map[string]string, error) Exec(cmd []string, envp []string, stdio [3]*os.File) (int32, error) Kill(sig int, pid int) error Destroy() error @@ -49,7 +49,7 @@ func StartInitialization(config *configs.InitEnclaveConfig, logLevel string) (*E return rt, nil } -func (rt *EnclaveRuntimeWrapper) LaunchAttestation(spid string, subscriptionKey string, product uint32, quoteType uint32) error { +func (rt *EnclaveRuntimeWrapper) LaunchAttestation(spid string, subscriptionKey string, product uint32, quoteType uint32) (map[string]string, error) { logrus.Debugf("attesting enclave runtime") return rt.runtime.Attest(spid, subscriptionKey, product, quoteType) diff --git a/rune/libenclave/internal/runtime/pal/pal_linux.go b/rune/libenclave/internal/runtime/pal/pal_linux.go index ad800dedd2bd351a2f1529bfa9dcab429a77e173..a26e72c26895d93daee65146f8b7623f24149ac6 100644 --- a/rune/libenclave/internal/runtime/pal/pal_linux.go +++ b/rune/libenclave/internal/runtime/pal/pal_linux.go 
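Review bot: `Attest` now returns a `map[string]string` that nothing on the interface describes — neither what its keys hold nor whether a nil map with a nil error is a legitimate outcome, which the `return nil, nil` guard in pal_linux.go makes it. I would pin the contract on the method itself, e.g. `// Attest performs remote attestation of the enclave and returns the verified attestation report as key/value pairs; a nil map with a nil error means the runtime performed no attestation.` so callers know to treat a nil map as "no evidence" rather than success. The EnclaveRuntime interface continues past the end of this hunk.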
@@ -87,27 +87,27 @@ func parseAttestParameters(spid string, subscriptionKey string, product uint32) return p } -func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, product uint32, quoteType uint32) (err error) { +func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, product uint32, quoteType uint32) (map[string]string, error) { if pal.GetLocalReport == nil { - return nil + return nil, nil } targetInfo, err := intelsgx.GetQeTargetInfo() if err != nil { - return err + return nil, err } if len(targetInfo) != intelsgx.TargetinfoLength { - return fmt.Errorf("len(targetInfo) is not %d, but %d", intelsgx.TargetinfoLength, len(targetInfo)) + return nil, fmt.Errorf("len(targetInfo) is not %d, but %d", intelsgx.TargetinfoLength, len(targetInfo)) } // get local report of SGX report, err := pal.GetLocalReport(targetInfo) if err != nil { - return err + return nil, err } if len(report) != intelsgx.ReportLength { - return fmt.Errorf("len(report) is not %d, but %d", intelsgx.ReportLength, len(report)) + return nil, fmt.Errorf("len(report) is not %d, but %d", intelsgx.ReportLength, len(report)) } // get quote from QE(aesmd) @@ -117,12 +117,12 @@ func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, produc } quote, err := intelsgx.GetQuote(report, spid, linkable) if err != nil { - return err + return nil, err } q := &intelsgx.Quote{} if err := restruct.Unpack(quote, binary.LittleEndian, &q); err != nil { - return err + return nil, err } // get IAS remote attestation report 
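Review bot: The guard at the top of Attest still returns `nil, nil` when `pal.GetLocalReport` is unset, so a runtime that cannot produce a local SGX report answers as a successful attestation with no evidence, and every caller in this change (runelet.go, agent.go) treats a nil error as success. Now that the function is expected to yield a report, this silent path should either fail explicitly, `return nil, fmt.Errorf("enclave runtime pal: GetLocalReport is not supported")`, or be documented as a deliberate no-op with `// No local-report hook: attestation is skipped and no report is returned.` so callers know to check for a nil map. Whether some non-SGX flow depends on the nil error is not visible here, so the comment-only form may be the safer first step. Attest's body continues in the following hunks.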
@@ -131,20 +131,20 @@ func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, produc svc, err := attestation.NewService(p, verbose) if err != nil { log.Fatal(err) - return err + return nil, err } if err = svc.Check(quote); err != nil { log.Fatal(err) - return err + return nil, err } - status, _, err := svc.GetVerifiedReport(quote) + status, iasReport, err := svc.GetVerifiedReport(quote) if err != nil { - return fmt.Errorf("%s", err) + return nil, fmt.Errorf("%s", err) } svc.ShowStatus(status) - return nil + return iasReport, nil } diff --git a/rune/libenclave/runelet.go b/rune/libenclave/runelet.go index a32f69c1e0d38a7ca458f3ea3172103df6d5ff0d..af86097c94b89cc91b1b35fa8b20165bf9750116 100644 --- a/rune/libenclave/runelet.go +++ b/rune/libenclave/runelet.go @@ -73,7 +73,7 @@ func StartInitialization(cmd []string, cfg *RuneletConfig) (exitCode int32, err // Launch a remote attestation to the enclave runtime. if config.RaType == sgx.EPID { - if err = rt.LaunchAttestation(config.RaEpidSpid, config.RaEpidSubscriptionKey, config.IsProductEnclave, config.RaEpidIsLinkable); err != nil { + if _, err := rt.LaunchAttestation(config.RaEpidSpid, config.RaEpidSubscriptionKey, config.IsProductEnclave, config.RaEpidIsLinkable); err != nil { return 1, err } } @@ -313,6 +313,7 @@ func remoteAttest(agentPipe *os.File, config *configs.InitEnclaveConfig, notifyS } else { err = fmt.Errorf(resp.Attest.Error) } + return resp.Attest.ExitCode, err }
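Review bot: The two `return nil, err` lines placed after `log.Fatal(err)` are unreachable, because log.Fatal exits the process, so a NewService or Check failure terminates runelet instead of propagating to the caller; the change rewrote both returns without removing the dead path. Deleting the two `log.Fatal(err)` lines lets the error reach the caller as the new signature intends. Separately, `status` is only displayed through `svc.ShowStatus(status)` and is never tested before `iasReport` is handed back with a nil error; if status can carry a non-OK quote verdict, the caller should presumably not receive the report as a success, but the status type is not visible here. The start of Attest lies in the earlier hunks.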
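Review bot: The report returned by `rt.LaunchAttestation(...)` is discarded with `_` at the launch site, so on the EPID path the verified IAS report is produced and immediately dropped; with agent.go discarding it as well, nothing in this change consumes the value the commit adds. If a follow-up consumer is planned, a `// TODO: surface the IAS report to the relying party instead of discarding it` on this line would make that explicit; otherwise bind it and pass it on. The `:=` is acceptable here because the branch returns at once with `return 1, err`, so the named result is not silently shadowed. StartInitialization begins and ends outside this hunk.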