1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
extern crate sgx_trts;
extern crate sgx_types;
use serde_json::Value;
use teaclave_attestation::report::SgxQuote;
use teaclave_attestation::EndorsedAttestationReport;
use teaclave_attestation::{key, AttestationConfig};
use teaclave_binder::proto::{
ECallCommand, FinalizeEnclaveInput, FinalizeEnclaveOutput, InitEnclaveInput, InitEnclaveOutput,
RawJsonInput, RawJsonOutput,
};
use teaclave_binder::{handle_ecall, register_ecall_handler};
use teaclave_service_enclave_utils::ServiceEnclave;
use teaclave_types::TeeServiceError;
use teaclave_types::{self, TeeServiceResult};
fn attestation(raw_json_input: &RawJsonInput) -> anyhow::Result<()> {
let v: serde_json::Value = serde_json::from_str(&raw_json_input.json)?;
let attestation_config = AttestationConfig::new(
v["algorithm"].as_str().unwrap(),
v["url"].as_str().unwrap(),
v["key"].as_str().unwrap(),
v["spid"].as_str().unwrap(),
)?;
let key_pair = key::NistP256KeyPair::new()?;
let report = match *attestation_config {
AttestationConfig::NoAttestation => EndorsedAttestationReport::default(),
AttestationConfig::WithAttestation(ref config) => {
EndorsedAttestationReport::new(config, key_pair.pub_k())?
}
};
let attn_report: Value = serde_json::from_slice(&report.report)?;
let sgx_quote_body = {
let quote_encoded = attn_report["isvEnclaveQuoteBody"]
.as_str()
.ok_or_else(|| anyhow::anyhow!("report error"))?;
let quote_raw = base64::decode(quote_encoded.as_bytes())?;
SgxQuote::parse_from(quote_raw.as_slice())?
};
println!("Remote Attestation Report:");
println!("{}", serde_json::to_string_pretty(&attn_report)?);
println!();
println!("ISV Enclave Quote Body:");
println!("{:?}", sgx_quote_body);
Ok(())
}
#[handle_ecall]
fn handle_remote_attestation(input: &RawJsonInput) -> TeeServiceResult<RawJsonOutput> {
match attestation(input) {
Ok(_) => Ok(RawJsonOutput::default()),
Err(e) => {
log::error!("Failed to attest: {}", e);
Err(TeeServiceError::ServiceError)
}
}
}
#[handle_ecall]
fn handle_init_enclave(_: &InitEnclaveInput) -> TeeServiceResult<InitEnclaveOutput> {
ServiceEnclave::init(env!("CARGO_PKG_NAME"))?;
Ok(InitEnclaveOutput)
}
#[handle_ecall]
fn handle_finalize_enclave(_: &FinalizeEnclaveInput) -> TeeServiceResult<FinalizeEnclaveOutput> {
ServiceEnclave::finalize()?;
Ok(FinalizeEnclaveOutput)
}
register_ecall_handler!(
type ECallCommand,
(ECallCommand::Raw, RawJsonInput, RawJsonOutput),
(ECallCommand::InitEnclave, InitEnclaveInput, InitEnclaveOutput),
(ECallCommand::FinalizeEnclave, FinalizeEnclaveInput, FinalizeEnclaveOutput),
);