From 0f0693db426309378a5b2812b2c605c9a39fc33e Mon Sep 17 00:00:00 2001
From: "YiLin.Li"
Date: Thu, 3 Sep 2020 08:42:50 +0000
Subject: [PATCH] rune/libenclave: Pass IAS resonpse in the format of map[string]string to init-runelet

Signed-off-by: Yilin Li
---
 rune/libenclave/agent.go | 4 +--
 rune/libenclave/internal/runtime/core/core.go | 4 +--
 .../internal/runtime/enclave_runtime.go | 4 +--
 .../internal/runtime/pal/pal_linux.go | 26 +++++++++----------
 rune/libenclave/runelet.go | 3 ++-
 5 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/rune/libenclave/agent.go b/rune/libenclave/agent.go
index cd2f42e..27ec6d4 100644
--- a/rune/libenclave/agent.go
+++ b/rune/libenclave/agent.go
@@ -159,9 +159,9 @@ func handleRequest(conn net.Conn, id int) {
 defer connFile.Close()
 
 if req.Attest != nil {
- logrus.Infof("In function handleRequest: get a attest request")
+ logrus.Infof("In function handleRequest: get an attest request")
 resp.Attest = &pb.AgentServiceResponse_Attest{}
- err = enclaveRuntime.LaunchAttestation(req.Attest.Spid,
+ _, err := enclaveRuntime.LaunchAttestation(req.Attest.Spid,
 req.Attest.SubscriptionKey, req.Attest.Product,
 req.Attest.QuoteType)
diff --git a/rune/libenclave/internal/runtime/core/core.go b/rune/libenclave/internal/runtime/core/core.go
index 2fc2256..2982aac 100644
--- a/rune/libenclave/internal/runtime/core/core.go
+++ b/rune/libenclave/internal/runtime/core/core.go
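Review bot: `_, err := enclaveRuntime.LaunchAttestation(req.Attest.Spid, ...)` declares a new `err` scoped to the `if req.Attest != nil` block, whereas the removed line assigned the function-level `err`; if the error is inspected after that block closes, it now reads the outer variable, which this call never sets. `_, err = enclaveRuntime.LaunchAttestation(req.Attest.Spid,` keeps the original assignment. The verified report is also discarded with `_`, so the agent's attest response carries no attestation evidence back to the requester; if that is deferred to a follow-up, a one-line comment saying so would help. handleRequest continues outside the hunk.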
@@ -25,8 +25,8 @@ func (pal *enclaveRuntimeCore) Init(args string, logLevel string) (err error) {
 return fmt.Errorf("enclave runtime core Init() unimplemented")
 }
 
-func (pal *enclaveRuntimeCore) Attest(string, string, uint32, uint32) (err error) {
- return fmt.Errorf("enclave runtime core Attest() unimplemented")
+func (pal *enclaveRuntimeCore) Attest(string, string, uint32, uint32) (map[string]string, error) {
+ return nil, fmt.Errorf("enclave runtime core Attest() unimplemented")
 }
 
 func (pal *enclaveRuntimeCore) Exec(cmd []string, envp []string, stdio [3]*os.File) (int32, error) {
diff --git a/rune/libenclave/internal/runtime/enclave_runtime.go b/rune/libenclave/internal/runtime/enclave_runtime.go
index c9ba417..dbd4d4b 100644
--- a/rune/libenclave/internal/runtime/enclave_runtime.go
+++ b/rune/libenclave/internal/runtime/enclave_runtime.go
@@ -12,7 +12,7 @@ import (
 
 type EnclaveRuntime interface {
 Init(args string, logLevel string) error
- Attest(string, string, uint32, uint32) error
+ Attest(string, string, uint32, uint32) (map[string]string, error)
 Exec(cmd []string, envp []string, stdio [3]*os.File) (int32, error)
 Kill(sig int, pid int) error
 Destroy() error
@@ -49,7 +49,7 @@ func StartInitialization(config *configs.InitEnclaveConfig, logLevel string) (*E
 return rt, nil
 }
 
-func (rt *EnclaveRuntimeWrapper) LaunchAttestation(spid string, subscriptionKey string, product uint32, quoteType uint32) error {
+func (rt *EnclaveRuntimeWrapper) LaunchAttestation(spid string, subscriptionKey string, product uint32, quoteType uint32) (map[string]string, error) {
 logrus.Debugf("attesting enclave runtime")
 
 return rt.runtime.Attest(spid, subscriptionKey, product, quoteType)
diff --git a/rune/libenclave/internal/runtime/pal/pal_linux.go b/rune/libenclave/internal/runtime/pal/pal_linux.go
index ad800de..a26e72c 100644
--- a/rune/libenclave/internal/runtime/pal/pal_linux.go
+++ b/rune/libenclave/internal/runtime/pal/pal_linux.go
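Review bot: The `Attest` method of `EnclaveRuntime` (and `LaunchAttestation` in the second hunk of enclave_runtime.go) now returns a `map[string]string` with no doc comment stating what it holds or when it may be nil; the pal implementation in pal_linux.go returns `nil, nil` when `GetLocalReport` is unset, so a caller can receive neither a report nor an error. Suggest `// Attest runs remote attestation and returns the verified IAS report as key/value pairs; the map may be nil together with a nil error when the runtime cannot produce a local report.` on the interface method, with the same wording on LaunchAttestation.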
@@ -87,27 +87,27 @@ func parseAttestParameters(spid string, subscriptionKey string, product uint32)
 return p
 }
 
-func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, product uint32, quoteType uint32) (err error) {
+func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, product uint32, quoteType uint32) (map[string]string, error) {
 if pal.GetLocalReport == nil {
- return nil
+ return nil, nil
 }
 
 targetInfo, err := intelsgx.GetQeTargetInfo()
 if err != nil {
- return err
+ return nil, err
 }
 if len(targetInfo) != intelsgx.TargetinfoLength {
- return fmt.Errorf("len(targetInfo) is not %d, but %d", intelsgx.TargetinfoLength, len(targetInfo))
+ return nil, fmt.Errorf("len(targetInfo) is not %d, but %d", intelsgx.TargetinfoLength, len(targetInfo))
 }
 
 // get local report of SGX
 report, err := pal.GetLocalReport(targetInfo)
 if err != nil {
- return err
+ return nil, err
 }
 if len(report) != intelsgx.ReportLength {
- return fmt.Errorf("len(report) is not %d, but %d", intelsgx.ReportLength, len(report))
+ return nil, fmt.Errorf("len(report) is not %d, but %d", intelsgx.ReportLength, len(report))
 }
 
 // get quote from QE(aesmd)
@@ -117,12 +117,12 @@ func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, produc
 }
 quote, err := intelsgx.GetQuote(report, spid, linkable)
 if err != nil {
- return err
+ return nil, err
 }
 
 q := &intelsgx.Quote{}
 if err := restruct.Unpack(quote, binary.LittleEndian, &q); err != nil {
- return err
+ return nil, err
 }
 
 // get IAS remote attestation report
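Review bot: `return nil, nil` when `pal.GetLocalReport == nil` makes a runtime that cannot produce a local report look successfully attested: no quote is generated or verified, yet the caller receives no error, and with the new map return it also cannot distinguish "skipped" from "attested" since both values are nil. If skipping is deliberate for such runtimes, say so in a comment at that line, e.g. `// runtime has no local-report support: attestation is skipped, not performed`; otherwise returning an explicit error lets runelet.go and agent.go decide how to treat an unattested runtime. Attest continues past the end of this hunk.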
@@ -131,20 +131,20 @@ func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, produc
 svc, err := attestation.NewService(p, verbose)
 if err != nil {
 log.Fatal(err)
- return err
+ return nil, err
 }
 
 if err = svc.Check(quote); err != nil {
 log.Fatal(err)
- return err
+ return nil, err
 }
 
- status, _, err := svc.GetVerifiedReport(quote)
+ status, iasReport, err := svc.GetVerifiedReport(quote)
 if err != nil {
- return fmt.Errorf("%s", err)
+ return nil, fmt.Errorf("%s", err)
 }
 
 svc.ShowStatus(status)
 
- return nil
+ return iasReport, nil
 }
diff --git a/rune/libenclave/runelet.go b/rune/libenclave/runelet.go
index a32f69c..af86097 100644
--- a/rune/libenclave/runelet.go
+++ b/rune/libenclave/runelet.go
@@ -73,7 +73,7 @@ func StartInitialization(cmd []string, cfg *RuneletConfig) (exitCode int32, err
 
 // Launch a remote attestation to the enclave runtime.
 if config.RaType == sgx.EPID {
- if err = rt.LaunchAttestation(config.RaEpidSpid, config.RaEpidSubscriptionKey, config.IsProductEnclave, config.RaEpidIsLinkable); err != nil {
+ if _, err := rt.LaunchAttestation(config.RaEpidSpid, config.RaEpidSubscriptionKey, config.IsProductEnclave, config.RaEpidIsLinkable); err != nil {
 return 1, err
 }
 }
@@ -313,6 +313,7 @@ func remoteAttest(agentPipe *os.File, config *configs.InitEnclaveConfig, notifyS
 } else {
 err = fmt.Errorf(resp.Attest.Error)
 }
+
 return resp.Attest.ExitCode, err
 }
-- 
GitLab
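Review bot: The two new `return nil, err` lines that follow `log.Fatal(err)` are unreachable, because log.Fatal exits the process; a failure in `attestation.NewService` or `svc.Check` therefore terminates the runelet instead of reaching `LaunchAttestation`'s callers, both of which already handle the error. Removing the two `log.Fatal(err)` calls lets the returned error propagate. `return nil, fmt.Errorf("%s", err)` also flattens the GetVerifiedReport error into a string; `return nil, err` (or `%w`) keeps it inspectable.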
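Review bot: `if _, err := rt.LaunchAttestation(...); err != nil` in the first runelet.go hunk discards the report that the commit title says is to be passed to init-runelet, so StartInitialization still learns only whether attestation returned an error. If the report is meant to be consumed here in a later change, a short `// TODO: consume the attestation report returned by LaunchAttestation` would make the intent visible; otherwise the signature change has no effect at this call site. StartInitialization continues outside the hunk.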