test

Signed-off-by: Bruno Vavala <bruno.vavala@intel.com>
bvavala · Mar 28, 2024 · 271d792 · 271d792
1 parent a47e1de
commit 271d792
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 5 deletions.
diff --git a/pservice/pdo/pservice/enclave/enclave/enclave.cpp b/pservice/pdo/pservice/enclave/enclave/enclave.cpp
@@ -21,6 +21,7 @@
 #include <sstream>
 #include <stdexcept>
 #include <unistd.h>
+#include <algorithm>
 
 #include <sgx_uae_epid.h>
 #include "sgx_support.h"
@@ -250,10 +251,16 @@ namespace pdo {
             const HexEncodedString& inSpid
             )
         {
+            // check SPID length
             pdo::error::ThrowIf<pdo::error::ValueError>(
                 inSpid.length() != 32,
                 "Invalid SPID length");
 
+            // check SPID format
+            pdo::error::ThrowIf<pdo::error::ValueError>(
+                ! std::all_of(inSpid.begin(), inSpid.end(), ::isxdigit),
+                "Invalid SPID format");
+
             HexStringToBinary(this->spid.id, sizeof(this->spid.id), inSpid);
         } // Enclave::SetSpid
 

diff --git a/pservice/pdo/pservice/pdo_enclave.py b/pservice/pdo/pservice/pdo_enclave.py
@@ -16,6 +16,7 @@
 import json
 import time
 import toml
+from pathlib import Path
 
 from ssl import SSLError
 from requests.exceptions import Timeout
@@ -132,7 +133,7 @@ def initialize_with_configuration(config) :
     enclave._SetLogger(logger)
 
     # Ensure that the required keys are in the configuration
-    valid_keys = set(['spid', 'ias_url', 'spid_api_key'])
+    valid_keys = set(['ias_url'])
     found_keys = set(config.keys())
 
     missing_keys = valid_keys.difference(found_keys)
@@ -143,18 +144,24 @@ def initialize_with_configuration(config) :
                 '{}'.format(
                     ', '.join(sorted(list(missing_keys)))))
 
+    try:
+        spid = Path(os.path.join(config['SgxKeyRoot'], "sgx_spid.txt")).read_text()
+        spid_api_key = Path(os.path.join(config['SgxKeyRoot'], "sgx_spid_api_key.txt")).read_text()
+    except Exception as e :
+        raise Exception("Unable to access SGX keys: {}".format(str(e)))
+
     if not _ias:
         _ias = \
             ias_client.IasClient(
                 IasServer = config['ias_url'],
-                SpidApiKey = config['spid_api_key'],
-                Spid = config['spid'],
+                SpidApiKey = spid_api_key,
+                Spid = spid,
                 HttpsProxy = config.get('https_proxy', ""))
 
     if not _pdo:
         signed_enclave = __find_enclave_library(config)
         logger.debug("Attempting to load enclave at: %s", signed_enclave)
-        _pdo = enclave.pdo_enclave_info(signed_enclave, config['spid'])
+        _pdo = enclave.pdo_enclave_info(signed_enclave, spid)
         logger.info("Basename: %s", get_enclave_basename())
         logger.info("MRENCLAVE: %s", get_enclave_measurement())
 

diff --git a/pservice/pdo/pservice/scripts/PServiceCLI.py b/pservice/pdo/pservice/scripts/PServiceCLI.py
@@ -391,7 +391,9 @@ def LocalMain(config) :
         # enclave configuration is in the 'EnclaveConfig' table
         try :
             logger.debug('initialize the enclave')
-            pdo_enclave_helper.initialize_enclave(config.get('EnclaveModule'))
+            enclave_config = config['EnclaveModule']
+            enclave_config['SgxKeyRoot'] = config['SgxKeyRoot']
+            pdo_enclave_helper.initialize_enclave(enclave_config)
             logger.info('EnclaveModule; %s', config.get('EnclaveModule'))
         except Error as e :
             logger.exception('failed to initialize enclave; %s', e)
@@ -446,6 +448,8 @@ def Main() :
     parser.add_argument('--provisioning-path', help='Directories to search for the enclave data file', type=str, nargs='+')
     parser.add_argument('--provisioning-data', help='Name of the file containing enclave sealed storage', type=str)
 
+    parser.add_argument('--sgx-key-root', help='Path to SGX key root folder', type = str)
+
     options = parser.parse_args()
 
     # first process the options necessary to load the default configuration
@@ -498,6 +502,11 @@ def Main() :
         logger.error('Ledger url not provided as option or config parameter')
         sys.exit(-1)
 
+    if options.sgx_key_root :
+        config['SgxKeyRoot'] = options.sgx_key_root
+    else :
+        config['SgxKeyRoot'] = os.environ.get('PDO_SGX_KEY_ROOT', "")
+
     # set up the provisioning service configuration
     if config.get('ProvisioningService') is None :
         config['ProvisioningService'] = {