diff --git a/rune/libenclave/intelsgx/aesmd.go b/rune/libenclave/intelsgx/aesmd.go
index 2b5e2b377260c86570a81af94d68748f97482a73..f8f666ee3d4ac13a028c780b110a25c6032adb1e 100644
--- a/rune/libenclave/intelsgx/aesmd.go
+++ b/rune/libenclave/intelsgx/aesmd.go
@@ -189,3 +189,59 @@ func GetLaunchToken(sig []byte) ([]byte, error) {
 return resp.GetLaunchToken.GetToken(), nil
 }
+
+func GetQeTargetInfo() ([]byte, error) {
+ conn, err := dialAesmd()
+ if err != nil {
+ return nil, err
+ }
+ defer conn.Close()
+
+ req := pb.AesmServiceRequest{}
+ req.GetQeTargetInfo = &pb.AesmServiceRequest_GetQeTargetInfo{
+ Timeout: 10000,
+ }
+
+ rdata, err := transmitAesmd(conn, &req)
+ if err != nil {
+ return nil, err
+ }
+
+ resp := pb.AesmServiceResponse{}
+ resp.GetQeTargetInfo = &pb.AesmServiceResponse_GetQeTargetInfo{}
+ if err := proto.Unmarshal(rdata, &resp); err != nil {
+ return nil, err
+ }
+
+ if resp.GetQeTargetInfo.GetError() != 0 {
+ return nil, fmt.Errorf("failed to get TARGETINFO (error code = %d)",
+ resp.GetQeTargetInfo.GetError())
+ }
+
+ targetInfo := resp.GetQeTargetInfo.GetTargetinfo()
+ if len(targetInfo) != TargetinfoLength {
+ return nil, fmt.Errorf("invalid length of TARGETINFO: (returned %d, expected %d)",
+ len(targetInfo), TargetinfoLength)
+ }
+
+ ti := &Targetinfo{}
+ if err := restruct.Unpack(targetInfo, binary.LittleEndian, &ti); err != nil {
+ return nil, err
+ }
+
+ logrus.Debugf("Quoting Enclave's TARGETINFO:\n")
+ logrus.Debugf(" Enclave Hash: 0x%v\n",
+ hex.EncodeToString(ti.Measurement[:]))
+ logrus.Debugf(" Enclave Attributes: 0x%v\n",
+ hex.EncodeToString(ti.Attributes[:]))
+ logrus.Debugf(" CET Attributes: %#02x\n",
+ ti.CetAttributes)
+ logrus.Debugf(" Config SVN: %#04x\n",
+ ti.ConfigSvn)
+ logrus.Debugf(" Misc Select: %#08x\n",
+ ti.MiscSelect)
+ logrus.Debugf(" Config ID: 0x%v\n",
+ hex.EncodeToString(ti.ConfigId[:]))
+
+ return resp.GetQeTargetInfo.GetTargetinfo(), nil
+}
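Review bot: `restruct.Unpack(targetInfo, binary.LittleEndian, &ti)` hands restruct a `**Targetinfo`, because `ti` is already a pointer; unless restruct dereferences a pointer-to-pointer, the fields stay zero and the debug dump below prints an all-zero measurement and attributes, so passing the pointer itself, `if err := restruct.Unpack(targetInfo, binary.LittleEndian, ti); err != nil {`, is the safer shape. The `len(targetInfo) != TargetinfoLength` guard in front of it is the right defensive step and should stay ahead of any parsing of the daemon's reply. The final line re-fetches `resp.GetQeTargetInfo.GetTargetinfo()` instead of returning the already-validated `targetInfo`; `return targetInfo, nil` makes it clear that only the checked bytes leave the function. As an exported function it also needs a doc comment, e.g. `// GetQeTargetInfo asks aesmd for the Quoting Enclave's TARGETINFO and returns its 512-byte encoding.`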
diff --git a/rune/libenclave/intelsgx/arch.go b/rune/libenclave/intelsgx/arch.go
index 019bd2e31f66cdb7e2383081d40c1c87d3a339c5..ab3945ed5cc94b7a836befdc288969a3fb307517 100644
--- a/rune/libenclave/intelsgx/arch.go
+++ b/rune/libenclave/intelsgx/arch.go
@@ -26,6 +26,7 @@ const (
 const (
 SigStructLength = 1808
 EinittokenLength = 304
+ TargetinfoLength = 512
 ReportLength = ReportBodyLength + 48
 ReportBodyLength = 384
 QuoteLength = QuoteBodyLength + ReportBodyLength + 4
@@ -79,6 +80,18 @@ type Einittoken struct {
 Mac [16]byte `struct:"[16]byte"`
 }
+type Targetinfo struct {
+ Measurement [32]byte `struct:"[32]byte"`
+ Attributes [16]byte `struct:"[16]byte"`
+ CetAttributes uint8 `struct:"uint8"`
+ _ uint8 `struct:"uint8"`
+ ConfigSvn uint16 `struct:"uint16"`
+ MiscSelect uint32 `struct:"uint32"`
+ _ [8]byte `struct:"[8]byte"`
+ ConfigId [64]byte `struct:"[64]byte"`
+ _ [384]byte `struct:"[384]byte"`
+}
+
 type Report struct {
 ReportBody
 Keyid [32]byte `struct:"[32]byte"`
diff --git a/rune/libenclave/intelsgx/proto/aesm-service.proto b/rune/libenclave/intelsgx/proto/aesm-service.proto
index 4eb933b3d3fafa1719e22d84d50295035ad1c3bc..ee26c3ce7683daedada6c671999df9ac2fa609df 100644
--- a/rune/libenclave/intelsgx/proto/aesm-service.proto
+++ b/rune/libenclave/intelsgx/proto/aesm-service.proto
@@ -6,6 +6,10 @@ package aesm_service;
 // import "github.com/opencontainers/runc/libenclave/intel
 message AesmServiceRequest {
+ message GetQeTargetInfo {
+ uint32 timeout = 9;
+ }
+
 message GetLaunchToken {
 bytes enclavehash = 1;
 bytes modulus = 2;
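Review bot: `type Targetinfo struct` has no doc comment, and nothing links its three blank `_` fields to the `TargetinfoLength = 512` added in the first hunk, even though the field sizes (32+16+1+1+2+4+8+64+384) do sum to 512. A header such as `// Targetinfo is the 512-byte SGX TARGETINFO structure; the blank fields are reserved bytes whose sizes keep the named fields at their fixed offsets.` records that invariant, and a one-line `// reserved` on each `_` field keeps a future edit from shifting `ConfigSvn` or `ConfigId`. If the project has a place for layout checks, asserting that the packed size equals `TargetinfoLength` would catch drift at test time rather than as a silently misparsed reply from aesmd.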
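Review bot: `uint32 timeout = 9;` in a one-field message, and `getQeTargetInfo = 1` next to `getLaunchToken = 3` in the next hunk, look like arbitrary numbering but appear to be dictated by aesmd's own wire schema (the existing `GetLaunchToken` request uses `timeout = 9` too); nothing in the file says so, and a later tidy-up renumbering them from 1 would silently stop the daemon from recognising the requests. A comment above `message AesmServiceRequest`, `// Field numbers must match aesmd's own message definitions; do not renumber.`, is enough, and the same note applies to the response message in the next hunk.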
@@ -13,15 +17,23 @@ message AesmServiceRequest {
 uint32 timeout = 9;
 }
- GetLaunchToken getLaunchToken = 3;
+ GetQeTargetInfo getQeTargetInfo = 1;
+ GetLaunchToken getLaunchToken = 3;
 }
 message AesmServiceResponse {
+ message GetQeTargetInfo {
+ uint32 error = 1;
+ bytes targetinfo = 2;
+ bytes gid = 3;
+ }
+
 message GetLaunchToken {
 uint32 error = 1;
 bytes token = 2;
 }
- GetLaunchToken getLaunchToken = 3;
+ GetQeTargetInfo getQeTargetInfo = 1;
+ GetLaunchToken getLaunchToken = 3;
 }
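Review bot: `uint32 error = 1;` in the new response message is the status the Go caller compares with 0, and since this file is proto3 (the fields carry no `optional` label), an omitted field and an explicit 0 decode identically, so a reply that lacks the field reads as success and only the caller's length check on `targetinfo` rejects it. Documenting that pairing in the schema, `uint32 error = 1; // 0 on success, otherwise aesmd's error code; callers must still validate targetinfo`, keeps the two checks together. `bytes gid = 3;` is carried but unused by the new Go code, which is fine if intentional but worth a word in the same comment.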