rune/libenclave: Pass IAS resonpse in the format of map[string]string to init-runelet

Signed-off-by: N Yilin Li <YiLin.Li@linux.alibaba.com>

rune/libenclave: Pass IAS resonpse in the format of map[string]string to init-runelet
Signed-off-by: N Yilin Li <YiLin.Li@linux.alibaba.com>
0f0693db · YiLin.Li · jia zhang · 44b238c9 · 0f0693db · 0f0693db
5 changed file
--- a/rune/libenclave/agent.go
+++ b/rune/libenclave/agent.go
@@ -159,9 +159,9 @@ func handleRequest(conn net.Conn, id int) {
 	defer connFile.Close()

 	if req.Attest != nil {
-		logrus.Infof("In function handleRequest: get a attest request")
+		logrus.Infof("In function handleRequest: get an attest request")
 		resp.Attest = &pb.AgentServiceResponse_Attest{}
-		err = enclaveRuntime.LaunchAttestation(req.Attest.Spid,
+		_, err := enclaveRuntime.LaunchAttestation(req.Attest.Spid,
 			req.Attest.SubscriptionKey,
 			req.Attest.Product,
 			req.Attest.QuoteType)

--- a/rune/libenclave/internal/runtime/core/core.go
+++ b/rune/libenclave/internal/runtime/core/core.go
@@ -25,8 +25,8 @@ func (pal *enclaveRuntimeCore) Init(args string, logLevel string) (err error) {
 	return fmt.Errorf("enclave runtime core Init() unimplemented")
 }

-func (pal *enclaveRuntimeCore) Attest(string, string, uint32, uint32) (err error) {
-	return fmt.Errorf("enclave runtime core Attest() unimplemented")
+func (pal *enclaveRuntimeCore) Attest(string, string, uint32, uint32) (map[string]string, error) {
+	return nil, fmt.Errorf("enclave runtime core Attest() unimplemented")
 }

 func (pal *enclaveRuntimeCore) Exec(cmd []string, envp []string, stdio [3]*os.File) (int32, error) {

--- a/rune/libenclave/internal/runtime/enclave_runtime.go
+++ b/rune/libenclave/internal/runtime/enclave_runtime.go
@@ -12,7 +12,7 @@ import (

 type EnclaveRuntime interface {
 	Init(args string, logLevel string) error
-	Attest(string, string, uint32, uint32) error
+	Attest(string, string, uint32, uint32) (map[string]string, error)
 	Exec(cmd []string, envp []string, stdio [3]*os.File) (int32, error)
 	Kill(sig int, pid int) error
 	Destroy() error
@@ -49,7 +49,7 @@ func StartInitialization(config *configs.InitEnclaveConfig, logLevel string) (*E
 	return rt, nil
 }

-func (rt *EnclaveRuntimeWrapper) LaunchAttestation(spid string, subscriptionKey string, product uint32, quoteType uint32) error {
+func (rt *EnclaveRuntimeWrapper) LaunchAttestation(spid string, subscriptionKey string, product uint32, quoteType uint32) (map[string]string, error) {
 	logrus.Debugf("attesting enclave runtime")

 	return rt.runtime.Attest(spid, subscriptionKey, product, quoteType)

--- a/rune/libenclave/internal/runtime/pal/pal_linux.go
+++ b/rune/libenclave/internal/runtime/pal/pal_linux.go
@@ -87,27 +87,27 @@ func parseAttestParameters(spid string, subscriptionKey string, product uint32)
 	return p
 }

-func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, product uint32, quoteType uint32) (err error) {
+func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, product uint32, quoteType uint32) (map[string]string, error) {
 	if pal.GetLocalReport == nil {
-		return nil
+		return nil, nil
 	}

 	targetInfo, err := intelsgx.GetQeTargetInfo()
 	if err != nil {
-		return err
+		return nil, err
 	}

 	if len(targetInfo) != intelsgx.TargetinfoLength {
-		return fmt.Errorf("len(targetInfo) is not %d, but %d", intelsgx.TargetinfoLength, len(targetInfo))
+		return nil, fmt.Errorf("len(targetInfo) is not %d, but %d", intelsgx.TargetinfoLength, len(targetInfo))
 	}

 	// get local report of SGX
 	report, err := pal.GetLocalReport(targetInfo)
 	if err != nil {
-		return err
+		return nil, err
 	}
 	if len(report) != intelsgx.ReportLength {
-		return fmt.Errorf("len(report) is not %d, but %d", intelsgx.ReportLength, len(report))
+		return nil, fmt.Errorf("len(report) is not %d, but %d", intelsgx.ReportLength, len(report))
 	}

 	// get quote from QE(aesmd)
@@ -117,12 +117,12 @@ func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, produc
 	}
 	quote, err := intelsgx.GetQuote(report, spid, linkable)
 	if err != nil {
-		return err
+		return nil, err
 	}

 	q := &intelsgx.Quote{}
 	if err := restruct.Unpack(quote, binary.LittleEndian, &q); err != nil {
-		return err
+		return nil, err
 	}

 	// get IAS remote attestation report
@@ -131,20 +131,20 @@ func (pal *enclaveRuntimePal) Attest(spid string, subscriptionKey string, produc
 	svc, err := attestation.NewService(p, verbose)
 	if err != nil {
 		log.Fatal(err)
-		return err
+		return nil, err
 	}

 	if err = svc.Check(quote); err != nil {
 		log.Fatal(err)
-		return err
+		return nil, err
 	}

-	status, _, err := svc.GetVerifiedReport(quote)
+	status, iasReport, err := svc.GetVerifiedReport(quote)
 	if err != nil {
-		return fmt.Errorf("%s", err)
+		return nil, fmt.Errorf("%s", err)
 	}

 	svc.ShowStatus(status)

-	return nil
+	return iasReport, nil
 }
--- a/rune/libenclave/runelet.go
+++ b/rune/libenclave/runelet.go
@@ -73,7 +73,7 @@ func StartInitialization(cmd []string, cfg *RuneletConfig) (exitCode int32, err

 		// Launch a remote attestation to the enclave runtime.
 		if config.RaType == sgx.EPID {
-			if err = rt.LaunchAttestation(config.RaEpidSpid, config.RaEpidSubscriptionKey, config.IsProductEnclave, config.RaEpidIsLinkable); err != nil {
+			if _, err := rt.LaunchAttestation(config.RaEpidSpid, config.RaEpidSubscriptionKey, config.IsProductEnclave, config.RaEpidIsLinkable); err != nil {
 				return 1, err
 			}
 		}
@@ -313,6 +313,7 @@ func remoteAttest(agentPipe *os.File, config *configs.InitEnclaveConfig, notifyS
 	} else {
 		err = fmt.Errorf(resp.Attest.Error)
 	}
+
 	return resp.Attest.ExitCode, err
 }