Enable DCAP quote generation

build/__tools__/expand-config

@@ -78,6 +78,7 @@ try :
     LedgerType = os.environ["PDO_LEDGER_TYPE"]
     SPID = os.environ["PDO_SPID"]
     SPID_API_KEY = os.environ["PDO_SPID_API_KEY"]
+    PDO_ATTESTATION_TYPE = os.environ["PDO_ATTESTATION_TYPE"]
 except KeyError as ke :
     print("incomplete configuration, missing definition of {0}".format(str(ke)))
     sys.exit(-1)
@@ -112,7 +113,8 @@ config_map = {
     'eservice_key_format': EserviceKeyFormat,
     'proxy' : HttpsProxy,
     'spid' : SPID,
-    'spid_api_key' : SPID_API_KEY
+    'spid_api_key' : SPID_API_KEY,
+    'attestation_type' : PDO_ATTESTATION_TYPE
 }
 
 # -----------------------------------------------------------------

build/__tools__/verify-pre-conf.sh

@@ -47,6 +47,17 @@ if [ "${SGX_MODE}" = "HW" ]; then
     if [[ ! "${PDO_SPID_API_KEY}" =~ ^[A-Fa-f0-9]{32}$ ]]; then
 	warn "PDO_SPID_API_KEY is not defined correctly, should be a a 32-byte hex key"
     fi
+
+    if [[ ! "${PDO_ATTESTATION_TYPE}" = "epid-linkable" ]] && [[ ! "${PDO_ATTESTATION_TYPE}" = "dcap" ]]; then
+        die "PDO_ATTESTATION_TYPE=${PDO_ATTESTATION_TYPE} not defined epid-linkable or dcap in HW mode"
+    fi
+fi
+
+if [ "${SGX_MODE}" = "SIM" ]; then
+    if [[ ! "${PDO_ATTESTATION_TYPE}" = "simulated" ]]; then
+        die "PDO_ATTESTATION_TYPE=${PDO_ATTESTATION_TYPE} not defined simulated in SIM mode"
+    fi
 fi
 
+
 exit $F_VERIFIED

build/common-config.sh

@@ -68,6 +68,12 @@ var_set() {
 	"
 	env_key_sort[$i]="SGX_MODE"; i=$i+1; export SGX_MODE=${env_val[SGX_MODE]}
 
+    env_val[PCCS_URL]="${PCCS_URL:-https://$(hostname -A | cut -d" " -f1):8081/sgx/certification/v3/}"
+    env_desc[PCCS_URL]="
+        PCCS_URL is the URL of the SGX PCCS service necessary for dcap-based attestations.
+    "
+    env_key_sort[$i]="PCCS_URL"; i=$i+1; export PCCS_URL=${env_val[PCCS_URL]}
+
 	env_val[PDO_LEDGER_URL]="${PDO_LEDGER_URL:-http://127.0.0.1:6600}"
 	env_desc[PDO_LEDGER_URL]="
 		PDO_LEDGER_URL is the URL is to submit transactions to the ledger.
@@ -132,6 +138,13 @@ var_set() {
 	"
 	env_key_sort[$i]="PDO_ENCLAVE_CODE_SIGN_PEM"; i=$i+1; export PDO_ENCLAVE_CODE_SIGN_PEM=${env_val[PDO_ENCLAVE_CODE_SIGN_PEM]}
 
+    env_val[PDO_ATTESTATION_TYPE]="${PDO_ATTESTATION_TYPE:-$(cat ${PDO_SGX_KEY_ROOT}/sgx_attestation_type.txt)}"
+    env_desc[PDO_ATTESTATION_TYPE]="
+        PDO_ATTESTATION_TYPE indicates the type of attestation that will be used.
+        simulated in SIM mode; epid-linkable or dcap in HW mode.
+    "
+    env_key_sort[$i]="PDO_ATTESTATION_TYPE"; i=$i+1; export PDO_ATTESTATION_TYPE=${env_val[PDO_ATTESTATION_TYPE]}
+
 	env_val[PDO_SPID]="${PDO_SPID:-$(cat ${PDO_SGX_KEY_ROOT}/sgx_spid.txt)}"
 	env_desc[PDO_SPID]="
 		PDO_SPID is the ID that accompanies the certificate registered
@@ -231,6 +244,7 @@ do
 	    unset PDO_ENCLAVE_CODE_SIGN_PEM
 	    unset PDO_SPID
 	    unset PDO_SPID_API_KEY
+	    unset PDO_ATTESTATION_TYPE
             ;;
         --evalable-export|-e)
 	    is_sourced=0

build/keys/sgx_mode_hw/.gitignore

@@ -1,3 +1,4 @@
 ias_root_ca.cert
 ias_signing.cert
 sgx_ias_key.pem
+sgx_attestation_type.txt

build/keys/sgx_mode_sim/sgx_attestation_type.txt

@@ -0,0 +1 @@
+simulated

build/opt/pdo/etc/template/enclave.toml

@@ -33,3 +33,6 @@ https_proxy = '${proxy}'
 
 # spid_api_key is a 32-digit hex string tied to the SPID
 spid_api_key = '${spid_api_key}'
+
+# attestation type is a string: 'simulated', epid-linkable, or 'dcap'
+attestation_type = '${attestation_type}'

docker/Dockerfile.pdo-build

@@ -51,7 +51,7 @@
 #     you will have to
 #     - PDO_SGX_KEY_ROOT env var pointing to the directory with the actual files and/or
 #       PDO_LEDGER_URL properly configured ..
-#     - unset PDO_SPID PDO_SPID_API_KEY
+#     - unset PDO_SPID PDO_SPID_API_KEY PDO_ATTESTATION_TYPE
 #     - call 'source /project/pdo/src/private-data-objects/build/common-config.sh'
 #     - run 'make -C /project/pdo/src/private-data-objects/build conf'
 #   - if you want to debug with gdb and alike, you also might want to add options

docker/Dockerfile.pdo-dev

@@ -67,6 +67,9 @@ ARG SGX=2.15.1
 ARG OPENSSL=1.1.1g
 ARG SGXSSL=2.10_1.1.1g
 
+ARG PCCS_URL=https://localhost:8081/sgx/certification/v3/
+ENV PCCS_URL=${PCCS_URL}
+
 ARG ADD_APT_PKGS=
 
 # Add necessary packages
@@ -154,6 +157,17 @@ RUN echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu ${U
       #   is split into corresponding smaller libraries and header-files to make
       #   integration with DCAP easier and minimize pulling in unnecessary dependencies
 
+# Install SGX DCAP packages
+RUN apt-get install -y \
+    libsgx-dcap-ql \
+    libsgx-dcap-ql-dev \
+    libsgx-dcap-default-qpl
+
+# Disable certificate check for PCCS
+RUN sed -i 's/"use_secure_cert": true/"use_secure_cert": false/' /etc/sgx_default_qcnl.conf
+# set the PCCS URL provided as input
+RUN sed -i 's#"pccs_url": ".*"#"pccs_url": "'${PCCS_URL}'"#' /etc/sgx_default_qcnl.conf
+
 # Install SGX SDK
 RUN mkdir -p /opt/intel
 WORKDIR /opt/intel

docker/Makefile

@@ -25,10 +25,25 @@ DOCKER_COMPOSE_FILES_CCF += ccf-pdo.yaml ccf-pdo.local-code.yaml
 DOCKER_COMPOSE_FILES_CCF_ONLY += ccf.yaml ccf.local-code.yaml
 
 ifeq ($(SGX_MODE),HW)
-   DOCKER_COMPOSE_FILES_CCF += ccf-pdo.sgx.yaml
-   SGX_DEVICE_PATH=$(shell if [ -e "/dev/isgx" ]; then echo "/dev/isgx"; elif [ -e "/dev/sgx/enclave" ]; then echo "/dev/sgx/enclave"; else echo "ERROR: NO SGX DEVICE FOUND"; fi)
-   DOCKER_COMPOSE_COMMAND := env SGX_DEVICE_PATH=${SGX_DEVICE_PATH} ${DOCKER_COMPOSE_COMMAND}
+	DOCKER_COMPOSE_FILES_CCF += pdo.sgx.yaml
+
+	SGX_ATTESTATION_TYPE=$(shell if [ -e "./sgx/sgx_attestation_type.txt" ]; then cat "./sgx/sgx_attestation_type.txt"; fi)
+
+ifeq ($(SGX_ATTESTATION_TYPE),epid-linkable)
+	SGX_DEVICE_PATH=$(shell if [ -e "/dev/isgx" ]; then echo "/dev/isgx"; elif [ -e "/dev/sgx/enclave" ]; then echo "/dev/sgx/enclave"; else echo "ERROR: NO SGX DEVICE FOUND"; fi)
+endif
+
+ifeq ($(SGX_ATTESTATION_TYPE),dcap)
+	SGX_DEVICE_PATH=$(shell if [ -e "/dev/sgx_enclave" ]; then echo "/dev/sgx_enclave"; else echo "ERROR: NO SGX DEVICE FOUND"; fi)
+	SGX_PROVISION_DEVICE_PATH=$(shell if [ -e "/dev/sgx_provision" ]; then echo "/dev/sgx_provision"; else echo "ERROR: NO SGX PROV DEVICE FOUND"; fi)
+	# set pccs url: grab from env, or assume it's in the local host listening on 8081
+	PCCS_URL:=$(if $(PCCS_URL),$(PCCS_URL),https://$(shell hostname -A | cut -d" " -f1):8081/sgx/certification/v3/)
+	DOCKER_BUILD_OPTS := ${DOCKER_BUILD_OPTS} --build-arg PCCS_URL=${PCCS_URL}
 endif
+
+	DOCKER_COMPOSE_COMMAND := env SGX_DEVICE_PATH=${SGX_DEVICE_PATH} env SGX_PROVISION_DEVICE_PATH=${SGX_PROVISION_DEVICE_PATH} ${DOCKER_COMPOSE_COMMAND}
+endif
+
 ifdef http_proxy
    DO_PROXY = 1
 endif
@@ -96,9 +111,10 @@ test-env-setup-with-no-build-ccf:
 	-$(DOCKER_COMPOSE_COMMAND) $(DOCKER_COMPOSE_OPTS_CCF) down
 	# - start services
 	$(DOCKER_COMPOSE_COMMAND) $(DOCKER_COMPOSE_OPTS_CCF) up -d
+	# - configure
 	if [ "$(SGX_MODE)" = "HW" ]; then \
        $(DOCKER_COMPOSE_COMMAND) $(DOCKER_COMPOSE_OPTS_CCF) \
-		   exec -T pdo-build bash -c 'source /etc/bash.bashrc && export PDO_SGX_KEY_ROOT=/project/pdo/build/opt/pdo/etc/keys/sgx/ && unset PDO_SPID PDO_SPID_API_KEY PDO_HOSTNAME && source /project/pdo/src/private-data-objects/build/common-config.sh && make -C /project/pdo/src/private-data-objects/build force-conf register'; \
+		   exec -T pdo-build bash -c 'source /etc/bash.bashrc && export PDO_SGX_KEY_ROOT=/project/pdo/build/opt/pdo/etc/keys/sgx/ && unset PDO_SPID PDO_SPID_API_KEY PDO_HOSTNAME PDO_ATTESTATION_TYPE && source /project/pdo/src/private-data-objects/build/common-config.sh && make -C /project/pdo/src/private-data-objects/build force-conf register'; \
     fi
 
 test-with-no-build-ccf: test-env-setup-with-no-build-ccf

docker/pdo.sgx.yaml

@@ -0,0 +1,53 @@
+# Copyright 2017 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ------------------------------------------------------------------------------
+
+# This docker-compose file extends the basic ccf-pdo template with support
+# for SGX in hardware mode. To use add a '-f pdo.sgx.yaml' _after_ the
+# '-f ccf-pdo.yaml'. This can also be combined with ccf-pdo.local-code.yaml.
+
+# Before you can run the containers in hardware mode, you will have to prepare following
+# files in the sgx subdirectory
+# - sgx_spid.txt
+# - sgx_spid_api_key.txt
+# - sgx_ias_key.pem
+# - sgx_attestation_type.txt
+# See 'build/common-config -h' for information on the content of these files
+#
+# in the pdo-build shell (see ccf-pdo.yaml), before doing any operation
+# you also will have to register sgx-related information in the ledger with
+# following steps
+#    export PDO_SGX_KEY_ROOT=/project/pdo/build/opt/pdo/etc/keys/sgx/
+#    unset PDO_SPID PDO_SPID_API_KEY PDO_ATTESTATION_TYPE
+#    source /project/pdo/src/private-data-objects/build/common-config.sh
+#    make -C /project/pdo/src/private-data-objects/build conf register
+
+version: "2.1"
+
+services:
+
+  # PDO EHS, PS and client ...
+  pdo-build:
+    image: pdo-sgx-build
+    container_name: pdo-sgx-build
+    build:
+      args:
+        SGX_MODE: HW
+    volumes:
+      - ${PDO_SGX_KEY_ROOT:-./sgx/}:/project/pdo/build/opt/pdo/etc/keys/sgx/
+      - /var/run/aesmd:/var/run/aesmd
+    devices:
+      - ${SGX_DEVICE_PATH:-/dev/isgx}:${SGX_DEVICE_PATH:-/dev/isgx}
+      - ${SGX_PROVISION_DEVICE_PATH:-/dev/null}:${SGX_PROVISION_DEVICE_PATH:-/tmp/no_prov_device}
+

docker/sgx/.gitignore

@@ -1,3 +1,4 @@
 enclave_code_sign.pem
 sgx_ias_key.pem
 sgx_spid.txt
+sgx_attestation_type.txt

docs/environment.md

@@ -51,7 +51,7 @@ them to the environment.
 
 Passing parameter `--reset-keys` will unset key variables
 `PDO_ENCLAVE_CODE_SIGN_PEM`,
-`PDO_SPID` and `PDO_SPID_API_KEY` before setting variables.
+`PDO_SPID`, `PDO_SPID_API_KEY`, `PDO_ATTESTATION_TYPE` before setting variables.
 
 <!-- -------------------------------------------------- -->
 <!-- -------------------------------------------------- -->
@@ -152,6 +152,13 @@ you should provide your own version, at least for `PDO_SPID` and
 [BUILD document](install.md) for more information.
 
 <!-- -------------------------------------------------- -->
+
+### `PCCS_URL`
+(default: `https://$(hostname -A | cut -d" " -f1):8081/sgx/certification/v3/`)
+
+`PCCS_URL` is the url of the SGX PCCS service which is necessary for DCAP attestations.
+For other types of attestations, this value is ignored.
+
 ### `PDO_ENCLAVE_CODE_SIGN_PEM`
 (default: `${PDO_SGX_KEY_ROOT}/enclave_code_sign.pem`):
 
@@ -196,6 +203,14 @@ The default value will work for SGX simulation mode. See
 [SGX section](install.md#SGX) of the [BUILD document](install.md) for
 instructions to create the API key to support SGX hardware mode.
 
+### `PDO_ATTESTATION_TYPE`
+(default `simulated`)
+
+`PDO_ATTESTATION_TYPE` contains the type of attestation used by the eservice
+for the contract enclave.
+The default value is `simulated`, in SGX SIM mode.
+In SGX HW mode, the available types are `epid-linkable` and `dcap`.
+
 <!-- -------------------------------------------------- -->
 <!-- -------------------------------------------------- -->
 ## Ledger Environment Variables

docs/install.md

@@ -127,6 +127,7 @@ or you can define yours with `export PDO_SGX_KEY_ROOT=<your folder>`):
 * save your API key in `${PDO_SGX_KEY_ROOT}/sgx_spid_api_key.txt`
 * save the IAS root CA certificate in `${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem`
   (`wget https://certificates.trustedservices.intel.com/Intel_SGX_Attestation_RootCA.pem -O ${PDO_SGX_KEY_ROOT}/sgx_ias_key.pem`)
+* save the attestation type `epid-linkable` or `dcap` in `${PDO_SGX_KEY_ROOT}/sgx_attestation_type.txt`
 
 #### Install the SGX Kernel Driver (Hardware Support)
 

eservice/bin/register-with-ledger.sh

@@ -50,6 +50,12 @@ if (( "$#" == 1 )) ; then
     SPID=$1
 fi
 
+#Set ATTESTATION_TYPE to parameter if passed
+ATTESTATION_TYPE=$PDO_ATTESTATION_TYPE
+if (( "$#" == 2 )) ; then
+    ATTESTATION_TYPE=$2
+fi
+
 function DeriveIasPublicKey {
     try test -e ${PDO_IAS_SIGNING_CERT_PATH}
     try openssl x509 -pubkey -noout -in ${PDO_IAS_SIGNING_CERT_PATH} > ${PDO_IAS_KEY_PEM}
@@ -69,13 +75,16 @@ function DeriveIasPublicKey {
 # However, getting basename via enclave invocation & quote is somewhat cleaner than below ..
 function Store {
     : "${SPID:?Need PDO_SPID environment variable set or passed in for valid MR_BASENAME}"
+    : "${ATTESTATION_TYPE:?Need PDO_ATTESTATION_TYPE environment variable set or passed in}"
     try test -e ${ETCDIR}/${ESERVICE_TOML}
     try test -e ${ETCDIR}/${ENCLAVE_TOML}
     yell Download IAS certificates and Compute the enclave information
     try eservice-enclave-info \
         --spid ${SPID} \
+        --attestation-type ${ATTESTATION_TYPE} \
         --save ${eservice_enclave_info_file} \
         --loglevel warn \
+        --logfile __screen__ \
         --identity ${ESERVICE_IDENTITY} \
         --config ${ESERVICE_TOML} ${ENCLAVE_TOML} \
         --config-dir ${ETCDIR}
@@ -105,9 +114,13 @@ function Register {
 }
 
 if [ "$SGX_MODE" = "HW" ]; then
-    Store
-    DeriveIasPublicKey
-    Register
+    if [ "$ATTESTATION_TYPE" = "epid-linkable" ]; then
+        Store
+        DeriveIasPublicKey
+        Register
+    else
+        yell Registration failed! attestation type not set to epid-linkable
+    fi
 else
     yell Registration failed! SGX_MODE not set to HW
 fi

eservice/docs/test-scripts.md

@@ -70,6 +70,7 @@ The following configuration variables can be specified:
   * ``ias_url`` --  URL of the Intel Attestation Service (IAS) server (ignored)
   * ``https_proxy`` -- proxy used to contact IAS server (ignored)
   * ``spid_api_key`` -- the api key corresponding to spid (ignored)
+  * ``attestation_type`` -- the type of attestation that the eservice will use (ignored)
 
 * ``contract`` -- the base name of the contract to use, this is
   expected to reference a file found in ``SchemeSearchPath``

eservice/etc/sample_eservice.toml

@@ -94,3 +94,6 @@ https_proxy = ''
 
 # spid_api_key is a 32-digit hex string tied to the SPID
 spid_api_key = 'DEADBEEF00000000DEADBEEF00000000'
+
+# attestation type is a string: 'simulated', epid-linkable, or 'dcap'
+attestation_type = 'simulated'

eservice/pdo/eservice/enclave/enclave/base.cpp

@@ -75,6 +75,7 @@ std::string pdo::enclave_api::base::GetLastError(void)
 pdo_err_t pdo::enclave_api::base::Initialize(
     const std::string& inPathToEnclave,
     const HexEncodedString& inSpid,
+    const std::string& inAttestationType,
     const int numOfEnclaves
     )
 {
@@ -96,6 +97,7 @@ pdo_err_t pdo::enclave_api::base::Initialize(
             for (pdo::enclave_api::Enclave& enc : g_Enclave)
             {
                 enc.SetSpid(inSpid);
+                enc.SetAttestationType(inAttestationType);
                 enc.Load(inPathToEnclave);
                 enc.StartWorker();
             }

eservice/pdo/eservice/enclave/enclave/base.h

@@ -64,6 +64,7 @@ namespace pdo
             pdo_err_t Initialize(
                 const std::string& inPathToEnclave,
                 const HexEncodedString& inSpid,
+                const std::string& inAttestationType,
                 const int numOfEnclaves
                 );