Merge openenclave#2402

2402: Query registered attesters/verifiers r=soccerGB a=yentsanglee There could be more than one registered plugins. Query API provides a way for the relying party and the attester to negotiate a common evidence format before transmitting quote. Co-authored-by: Yen Lee <[email protected]>
lsds · Jan 18, 2020 · d4aa3af · d4aa3af
2 parents 8911dfd + f7e1397
commit d4aa3af
Showing 1 changed file with 52 additions and 6 deletions.
diff --git a/docs/DesignDocs/CustomAttestation.md b/docs/DesignDocs/CustomAttestation.md
@@ -734,15 +734,40 @@ oe_result_t oe_verify_evidence(
     size_t* claims_length);
 
 /**
- * oe_free_claims_list
+ * oe_get_registered_attester_format_ids
  *
- * Frees a claims list.
+ * Get the unique identifiers of all registered attesters.
  *
- * @param[in] claims The list of claims.
- * @param[in] claims_length The length of the claims list.
+ * @param[out] format_ids The list of the UUIDs of the registered attesters.
+ * @param[out] format_ids_length The length of the UUIDs list.
  * @retval OE_OK on success.
  */
-oe_result_t oe_free_claims_list(oe_claim_t* claims, size_t claims_length);
+oe_result_t oe_get_registered_attester_format_ids(
+    oe_uuid_t** format_ids,
+    size_t* format_ids_length);
+
+/**
+ * oe_get_registered_verifier_format_ids
+ *
+ * Get the unique identifiers of all registered verifiers.
+ *
+ * @param[out] format_ids The list of the UUIDs of the registered verifiers.
+ * @param[out] format_ids_length The length of the UUIDs list.
+ * @retval OE_OK on success.
+ */
+oe_result_t oe_get_registered_verifier_format_ids(
+    oe_uuid_t** format_ids,
+    size_t* format_ids_length);
+
+/**
+ * oe_free_format_ids
+ *
+ * Frees the attester/verifier format ids.
+ *
+ * @param[in] format_ids The list of the attester/verifier UUIDs.
+ * @retval OE_OK on success.
+ */
+oe_result_t oe_free_format_ids(oe_uuid_t* format_ids);
 ```
 
 The outputs returned by `oe_get_evidence` will begin with the header
@@ -927,9 +952,24 @@ size_t params_size = sizeof(params);
 oe_claim_t claims = { ... };
 size_t claims_size = ...;
 
+/* Receive the evidence format ids that the verifier supports */
+recv(VERIFIER_SOCKET_FD, evidence_format_ids, evidence_format_id_length, 0);
+
+/* Get registered attester format ids and find a common format */
+oe_get_registered_attester_format_ids(*format_ids, &format_ids_length);
+for (size_t m = 0; m < format_ids_length; m++)
+{
+    for (size_t n = 0; n < evidence_format_id_length; n++)
+    if (format_ids[m] == evidence_format_ids[n])
+    {
+        common_format_id = format_ids[m];
+        break;
+    }
+}
+
 /* Get evidence. */
 oe_get_evidence(
-    MY_PLUGIN_UUID,
+    common_format_id,
     OE_EVIDENCE_FLAGS_REMOTE_ATTESTATION,
     claims,
     claims_size,
@@ -945,6 +985,7 @@ send(VERIFIER_SOCKET_FD, evidence, evidence_size, 0);
 send(VERIFIER_SOCKET_FD, endorsements, endorsements_size, 0);
 
 /* Free data and unregister plugin. */
+oe_free_format_id(format_ids);
 oe_free_evidence(evidence, endorsements);
 oe_unregister_attester(my_plugin_attester());
 ```
@@ -961,6 +1002,10 @@ struct my_plugin_verifier_config_data_t config = { ... };
 size_t config_size = sizeof(config);
 oe_register_verifier(my_plugin_verifier(), &config, config_size);
 
+/* Tell enclave the format ids the verifier supports */
+oe_get_registered_verifier_format_ids(*format_ids, &format_ids_length);
+send(ENCLAVE_SOCKET_FD, *format_ids, format_ids_length, 0);
+
 /* Receive evidence and endorsement buffer from enclave. */
 recv(ENCLAVE_SOCKET_FD, evidence, evidence_size, 0);
 recv(ENCLAVE_SOCKET_FD, endorsements, endorsements_size, 0);
@@ -985,6 +1030,7 @@ oe_verify_evidence(
     &claims_size);
 
 /* Free data and unregister plugin. */
+oe_free_format_id(format_ids);
 oe_free_claims_list(claims, claims_size);
 oe_unregister_verifier(my_plugin_verifier());
 ```