check_hw - support for diagnosing DCAP

fryingeggman · May 6, 2024 · 3f497f7 · 3f497f7
1 parent da9266e
commit 3f497f7
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 50 deletions.
diff --git a/check-hw/Cargo.lock b/check-hw/Cargo.lock
diff --git a/check-hw/Cargo.toml b/check-hw/Cargo.toml
@@ -23,3 +23,4 @@ enclave-ffi-types = { path = "../cosmwasm/enclaves/ffi-types", features = [
 clap = "2.33"
 parking_lot = "0.11"
 lazy_static = "1.4"
+log = "0.4.17"
diff --git a/check-hw/build.rs b/check-hw/build.rs
@@ -11,4 +11,7 @@ fn main() {
     println!("cargo:rustc-link-lib=static=sgx_ukey_exchange");
     println!("cargo:rustc-link-lib=dylib=sgx_urts");
     println!("cargo:rustc-link-lib=dylib=sgx_uae_service");
+
+    println!("cargo:rustc-link-lib=dylib=sgx_dcap_ql");
+    println!("cargo:rustc-link-lib=dylib=sgx_dcap_quoteverify");
 }
diff --git a/check-hw/src/enclave_api.rs b/check-hw/src/enclave_api.rs
@@ -13,6 +13,8 @@ use sgx_types::{
     sgx_report_t, sgx_spid_t, sgx_status_t, sgx_target_info_t, sgx_update_info_bit_t,
 };
 
+include!("../../cosmwasm/packages/sgx-vm/src/attestation_dcap.rs");
+
 // ecalls
 
 extern "C" {
@@ -186,53 +188,3 @@ pub extern "C" fn ocall_read_db(
 pub extern "C" fn ocall_allocate(_buffer: *const u8, _length: usize) -> UserSpaceBuffer {
     unimplemented!()
 }
-
-#[no_mangle]
-pub extern "C" fn ocall_get_quote_ecdsa_params(
-    ret_val: *mut sgx_status_t,
-    p_qe_info: *mut sgx_target_info_t,
-    p_quote_size: *mut u32,
-) -> sgx_status_t {
-    unimplemented!()
-}
-#[no_mangle]
-pub extern "C" fn ocall_get_quote_ecdsa(
-    ret_val: *mut sgx_status_t,
-    p_report: *const sgx_report_t,
-    p_quote: *mut u8,
-    n_quote: u32,
-) -> sgx_status_t {
-    unimplemented!()
-}
-
-#[no_mangle]
-pub extern "C" fn ocall_get_quote_ecdsa_collateral(
-    ret_val: *mut sgx_status_t,
-    p_quote: *const u8,
-    n_quote: u32,
-    p_col: *mut u8,
-    n_col: u32,
-    p_col_out: *mut u32,
-) -> sgx_status_t {
-    unimplemented!()
-}
-
-#[no_mangle]
-pub extern "C" fn ocall_verify_quote_ecdsa(
-    ret_val: *mut sgx_status_t,
-    p_quote: *const u8,
-    n_quote: u32,
-    p_col: *const u8,
-    n_col: u32,
-    p_target_info: *const sgx_target_info_t,
-    time_s: i64,
-    p_qve_report_info: *mut sgx_ql_qe_report_info_t,
-    p_supp_data: *mut u8,
-    n_supp_data: u32,
-    p_supp_data_size: *mut u32,
-    p_time_s: *mut i64,
-    p_collateral_expiration_status: *mut u32,
-    p_qv_result: *mut sgx_ql_qv_result_t,
-) -> sgx_status_t {
-    unimplemented!()
-}
diff --git a/cosmwasm/enclaves/execute/src/registration/check_patch_level.rs b/cosmwasm/enclaves/execute/src/registration/check_patch_level.rs
@@ -14,6 +14,9 @@ use crate::registration::attestation::create_attestation_report;
 #[cfg(feature = "SGX_MODE_HW")]
 use crate::registration::cert::verify_quote_status;
 
+#[cfg(feature = "SGX_MODE_HW")]
+use crate::registration::offchain::get_attestation_report_dcap;
+
 #[cfg(not(feature = "epid_whitelist_disabled"))]
 use crate::registration::cert::check_epid_gid_is_whitelisted;
 
@@ -52,6 +55,12 @@ pub unsafe extern "C" fn ecall_check_patch_level(
     // generate temporary key for attestation
     let temp_key_result = enclave_crypto::KeyPair::new().unwrap();
 
+    let res_dcap = unsafe { get_attestation_report_dcap(&temp_key_result) };
+    if res_dcap.is_ok() {
+        println!("DCAP attestation ok");
+        return NodeAuthResult::Success;
+    }
+
     let signed_report = match create_attestation_report(
         &temp_key_result.get_pubkey(),
         SIGNATURE_TYPE,