rune: revise remote attestation optional configurations type

1. transfer config.RaType from string type to uint32 type.
2. rename config.RaEpidQuoteType as config.RaEpidIsLinkable.
3. set config.RaEpidIsLinkable type as uint32.
Signed-off-by: NYilin Li <YiLin.Li@linux.alibaba.com>

rune/libcontainer/configs/enclave.go

@@ -10,8 +10,8 @@ type Enclave struct {
 	Type                  string `json:"type"`
 	Path                  string `json:"path"`
 	Args                  string `json:"args,omitempty"`
-	RaType                string `json:"ra_type,omitempty"`
+	RaType                uint32 `json:"ra_type,omitempty"`
 	RaEpidSpid            string `json:"ra_epid_spid,omitempty"`
 	RaEpidSubscriptionKey string `json:"ra_epid_subscription_key,omitempty"`
-	RaEpidQuoteType       string `json:"ra_epid_quote_type,omitempty"`
+	RaEpidIsLinkable      uint32 `json:"ra_epid_is_linkable,omitempty"`
 }

rune/libcontainer/configs/validate/validator.go

@@ -9,6 +9,8 @@ import (
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/intelrdt"
 	"github.com/opencontainers/runc/libenclave"
+	"github.com/opencontainers/runc/libenclave/attestation/sgx"
+	"github.com/opencontainers/runc/libenclave/intelsgx"
 	selinux "github.com/opencontainers/selinux/go-selinux"
 )
 
@@ -224,6 +226,13 @@ func (v *ConfigValidator) enclave(config *configs.Config) error {
 		return err
 	}
 
+	if config.Enclave.RaType == sgx.InvalidRaType {
+		return fmt.Errorf("Unsupported ra_type Configuration %v!\n", config.Enclave.RaType)
+	}
+
+	if config.Enclave.RaEpidIsLinkable == intelsgx.InvalidQuoteSignatureType {
+		return fmt.Errorf("Unsupported ra_epid_is_linkable Configuration %v!\n", config.Enclave.RaEpidIsLinkable)
+	}
 	return nil
 }
 

rune/libcontainer/process_linux.go

@@ -147,7 +147,7 @@ func (p *setnsProcess) start() (err error) {
 				RaType:                p.config.Config.Enclave.RaType,
 				RaEpidSpid:            p.config.Config.Enclave.RaEpidSpid,
 				RaEpidSubscriptionKey: p.config.Config.Enclave.RaEpidSubscriptionKey,
-				RaEpidQuoteType:       p.config.Config.Enclave.RaEpidQuoteType,
+				RaEpidIsLinkable:      p.config.Config.Enclave.RaEpidIsLinkable,
 			}
 			err := utils.WriteJSON(p.messageSockPair.parent, config)
 			if err != nil {
@@ -481,7 +481,7 @@ func (p *initProcess) start() (retErr error) {
 				RaType:                p.config.Config.Enclave.RaType,
 				RaEpidSpid:            p.config.Config.Enclave.RaEpidSpid,
 				RaEpidSubscriptionKey: p.config.Config.Enclave.RaEpidSubscriptionKey,
-				RaEpidQuoteType:       p.config.Config.Enclave.RaEpidQuoteType,
+				RaEpidIsLinkable:      p.config.Config.Enclave.RaEpidIsLinkable,
 			}
 			err := utils.WriteJSON(p.messageSockPair.parent, config)
 			if err != nil {

rune/libcontainer/specconv/spec_linux.go

@@ -20,6 +20,8 @@ import (
 	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
+	"github.com/opencontainers/runc/libenclave/attestation/sgx"
+	"github.com/opencontainers/runc/libenclave/intelsgx"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 
@@ -332,9 +334,17 @@ func createEnclaveConfig(spec *specs.Spec, config *configs.Config) {
 		args = strings.Join(a, " ")
 	}
 
-	ra_type := filterOut(env, "ENCLAVE_RA_TYPE")
-	if ra_type == "" {
-		ra_type = libcontainerUtils.SearchLabels(config.Labels, "ra_type")
+	raType := filterOut(env, "ENCLAVE_RA_TYPE")
+	if raType == "" {
+		raType = libcontainerUtils.SearchLabels(config.Labels, "ra_type")
+	}
+	var ra_type uint32
+	if strings.EqualFold(raType, "EPID") {
+		ra_type = sgx.EPID
+	} else if strings.EqualFold(raType, "DCAP") {
+		ra_type = sgx.DCAP
+	} else {
+		ra_type = sgx.InvalidRaType
 	}
 
 	ra_epid_spid := filterOut(env, "ENCLAVE_RA_EPID_SPID")
@@ -347,9 +357,17 @@ func createEnclaveConfig(spec *specs.Spec, config *configs.Config) {
 		ra_epid_subscription_key = libcontainerUtils.SearchLabels(config.Labels, "ra_epid_subscription_key")
 	}
 
-	ra_epid_quote_type := filterOut(env, "ENCLAVE_RA_EPID_SIGNATURE_TYPE")
-	if ra_epid_quote_type == "" {
-		ra_epid_quote_type = libcontainerUtils.SearchLabels(config.Labels, "ra_epid_quote_type")
+	linkable := filterOut(env, "ENCLAVE_RA_EPID_IS_LINKABLE")
+	if linkable == "" {
+		linkable = libcontainerUtils.SearchLabels(config.Labels, "ra_epid_is_linkable")
+	}
+	var ra_epid_is_linkable uint32
+	if strings.EqualFold(linkable, "true") {
+		ra_epid_is_linkable = intelsgx.QuoteSignatureTypeLinkable
+	} else if strings.EqualFold(linkable, "false") {
+		ra_epid_is_linkable = intelsgx.QuoteSignatureTypeUnlinkable
+	} else {
+		ra_epid_is_linkable = intelsgx.InvalidQuoteSignatureType
 	}
 
 	if etype != "" {
@@ -360,7 +378,7 @@ func createEnclaveConfig(spec *specs.Spec, config *configs.Config) {
 			RaType:                ra_type,
 			RaEpidSpid:            ra_epid_spid,
 			RaEpidSubscriptionKey: ra_epid_subscription_key,
-			RaEpidQuoteType:       ra_epid_quote_type,
+			RaEpidIsLinkable:      ra_epid_is_linkable,
 		}
 	}
 }

rune/libenclave/configs/config.go

@@ -4,8 +4,8 @@ type InitEnclaveConfig struct {
 	Type                  string `json:"type"`
 	Path                  string `json:"path"`
 	Args                  string `json:"args"`
-	RaType                string `json:"ra_type"`
+	RaType                uint32 `json:"ra_type"`
 	RaEpidSpid            string `json:"ra_epid_spid"`
 	RaEpidSubscriptionKey string `json:"ra_epid_subscription_key"`
-	RaEpidQuoteType       string `json:"ra_epid_quote_type"`
+	RaEpidIsLinkable      uint32 `json:"ra_epid_is_linkable"`
 }

rune/libenclave/intelsgx/arch.go

@@ -115,6 +115,7 @@ type Quote struct {
 const (
 	QuoteSignatureTypeUnlinkable = iota
 	QuoteSignatureTypeLinkable
+	InvalidQuoteSignatureType
 )
 
 const (