Merge pull request #371 from CESSProject/feat/dcap

Feat/dcap

crates/cestory/api/src/ecall_args.rs

@@ -50,5 +50,8 @@ pub struct InitArgs {
     /// The max retry times of getting the attestation report.
     pub ra_max_retries: u32,
 
+    /// The type of ceseal's remote attestation method,None means epid.
+    pub ra_type: Option<String>,
+
     pub role: WorkerRole,
 }

crates/cestory/src/ceseal_service.rs

@@ -459,10 +459,20 @@ impl<Platform: pal::Platform + Serialize + DeserializeOwned> CesealApi for RpcSe
 
         let challenge_handler = ChallengeHandlerInfo { challenge, sgx_local_report, ecdh_pubkey };
         let handler_hash = sp_core::hashing::blake2_256(&challenge_handler.encode());
+
+        let attestation_provider = if let Some(r) = cestory.args.ra_type.clone(){
+            if r == "dcap" {
+                Some(AttestationProvider::Dcap)
+            } else {
+                Some(AttestationProvider::Ias)
+            }
+        } else {
+            Some(AttestationProvider::Ias)
+        };
         let attestation = if !dev_mode {
             Some(create_attestation_report_on(
                 &cestory.platform,
-                Some(AttestationProvider::Ias),
+                attestation_provider,
                 &handler_hash,
                 cestory.args.ra_timeout,
                 cestory.args.ra_max_retries,

crates/cestory/src/pois.rs

@@ -727,12 +727,6 @@ impl PoisVerifierApi for PoisVerifierServer {
         //Concatenate all hashes to calculate the total hash
         let mut total_proof_hash = vec![0u8; 32];
         total_proof_hasher.result(&mut total_proof_hash);
-        info!("-----------------------total_proof_hash:{:?}",total_proof_hash.clone());
-        info!("-----------------------front:{}",front);
-        info!("-----------------------rear:{}",rear);
-        info!("-----------------------acc:{:?}",acc.clone());
-        info!("-----------------------space_chals:{:?}",space_chals.clone());
-        info!("-----------------------result:{}",result);
 
         //compute signature
         let sig_struct = ResponseSpaceProofVerifyTotalSignatureMember {

scripts/docker/ceseal/gramine/start-with-handover.sh

@@ -36,21 +36,17 @@ if [ "$RA_METHOD" = "dcap" ]; then
     echo "Dcap version found"
     rm -rf /opt/ceseal/releases/current/dcap-ver/data
     mv /opt/ceseal/releases/current/dcap-ver/* /opt/ceseal/releases/current/
-  else
-    echo "Dcap version not found but running with 'dcap' RA method. panic..."
-    exit 0
+    rm -rf /opt/ceseal/releases/current/dcap-ver
   fi
 else
   if [ -e "/opt/ceseal/releases/current/epid-ver" ]; then
     echo "Epid version found"
     rm -rf /opt/ceseal/releases/current/epid-ver/data
     mv /opt/ceseal/releases/current/epid-ver/* /opt/ceseal/releases/current/
-  else
-    echo "Epid version not found but running with 'epid' RA method. panic..."
-    exit 0
+    rm -rf /opt/ceseal/releases/current/epid-ver
   fi
 fi
 
 
-./handover
+./handover --ra-type=$RA_METHOD
 cd /opt/ceseal/releases/current && SKIP_AESMD=1 ./start.sh

scripts/docker/ceseal/gramine/start.sh

@@ -40,8 +40,25 @@ echo "Data dir '${DATA_DIR}'"
 GRAMINE_SGX_BIN=${GRAMINE_SGX_BIN:-"${WORK_DIR}/gramine-sgx"}
 GRAMINE_DIRECT_BIN=${GRAMINE_DIRECT_BIN:-"gramine-direct"}
 
+##check version need to use this
+if [ "$RA_METHOD" = "dcap" ]; then
+  if [ -e "/opt/ceseal/releases/current/dcap-ver" ]; then
+    echo "Dcap version found"
+    rm -rf /opt/ceseal/releases/current/dcap-ver/data
+    mv /opt/ceseal/releases/current/dcap-ver/* /opt/ceseal/releases/current/
+    rm -rf /opt/ceseal/releases/current/dcap-ver
+  fi
+else
+  if [ -e "/opt/ceseal/releases/current/epid-ver" ]; then
+    echo "Epid version found"
+    rm -rf /opt/ceseal/releases/current/epid-ver/data
+    mv /opt/ceseal/releases/current/epid-ver/* /opt/ceseal/releases/current/
+    rm -rf /opt/ceseal/releases/current/epid-ver
+  fi
+fi
+
 if [ -L ${DATA_DIR} ] && [ ! -e ${DATA_DIR} ]; then
-  mkdir -p $(readlink -f $DATA_DIR)
+  mkdir -p $(readlink $DATA_DIR)
 fi
 mkdir -p "${DATA_DIR}/protected_files"
 mkdir -p "${DATA_DIR}/storage_files"

standalone/teeworker/ceseal/src/main.rs

@@ -59,6 +59,8 @@ struct Args {
     #[arg(long)]
     request_handover_from: Option<String>,
 
+    #[arg(long)]
+    ra_type: Option<String>,
     /// Safe mode level
     ///
     /// - 0, All features enabled.
@@ -130,7 +132,6 @@ fn main() -> Result<()> {
 #[tracing::instrument(name = "main", skip_all)]
 async fn serve(sgx: bool, args: Args) -> Result<()> {
     info!(sgx, "Starting ceseal...");
-
     let sealing_path;
     let storage_path;
     if sgx {
@@ -153,7 +154,6 @@ async fn serve(sgx: bool, args: Args) -> Result<()> {
             fs::create_dir_all(p)?;
         }
     }
-
     let listener_addr = {
         let ip = args.address.as_ref().map_or("0.0.0.0", String::as_str);
         let port = args.port.unwrap_or(8000);
@@ -185,6 +185,7 @@ async fn serve(sgx: bool, args: Args) -> Result<()> {
             no_rcu: args.no_rcu,
             ra_timeout: args.ra_timeout,
             ra_max_retries: args.ra_max_retries,
+            ra_type: args.ra_type,
             role: args.role,
         }
     };

standalone/teeworker/handover/src/arg.rs

@@ -62,4 +62,10 @@ pub struct Args {
         default_value = "1888"
     )]
     pub previous_ceseal_port: u64,
+
+    #[arg(
+        long,
+        help = "remote attestation type",
+    )]
+    pub ra_type: String,
 }

standalone/teeworker/handover/src/main.rs

@@ -117,7 +117,10 @@ async fn main() {
 
 	//start current version ceseal
 	let command = Command::new("/opt/ceseal/releases/current/gramine-sgx")
-		.args(&["ceseal", &format!("--request-handover-from=http://localhost:{}", args.previous_ceseal_port)])
+		.args(&["ceseal",
+		&format!("--request-handover-from=http://localhost:{}", args.previous_ceseal_port),
+		&format!("--ra-type={}", args.ra_type),
+		])
 		.current_dir(&args.current_version_ceseal_path)
 		.stdout(Stdio::piped())
 		.stderr(Stdio::piped())