package main
import (
	"fmt"
	"net"
	"strings"

	"github.com/inclavare-containers/shelter/remoteattestation"
	"github.com/inclavare-containers/shelter/utils"
	"github.com/urfave/cli"
)
// remoteMrenclave is a 32-byte buffer; from the name it presumably holds the
// remote enclave's MRENCLAVE measurement, but nothing in this file reads or
// writes it — confirm against the rest of the package.
var remoteMrenclave [32]byte

// remoteMrsigner is a 32-byte buffer; presumably the remote enclave's
// MRSIGNER measurement, likewise unused in this file.
var remoteMrsigner [32]byte
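// sgxraCommand implements "shelter remoteattestation". It reads the socket
// address and enclave-tls selection flags, then delegates the attestation
// and TLS channel setup to the remoteattestation package, over tcp or a
// unix socket depending on --addr.
var sgxraCommand = cli.Command{
	Name:  "remoteattestation",
	Usage: "attest IAS report obtained by inclavared and setup TLS security channel with inclavared",
	// The example previously read "shelter mrenclave", which is not this command.
	ArgsUsage: `[command options]
EXAMPLE:
# shelter remoteattestation`,
	Flags: []cli.Flag{
		cli.StringFlag{
			Name:  "addr",
			Usage: "specify tcp or unix socket address, e.g, '--addr=tcp://ip:port or --addr=unix://path'",
		},
		cli.StringFlag{
			Name:  "log-level",
			Usage: "set the level of log output",
		},
		cli.StringFlag{
			Name:  "attester",
			Usage: "set the type of quote attester",
		},
		cli.StringFlag{
			Name:  "verifier",
			Usage: "set the type of quote verifier",
		},
		cli.StringFlag{
			Name:  "tls",
			Usage: "set the type of tls wrapper",
		},
		cli.StringFlag{
			Name:  "crypto",
			Usage: "set the type of crypto wrapper",
		},
		cli.BoolFlag{
			Name:  "mutual",
			Usage: "set the attestation type is mutual or not",
		},
	},
	SkipArgReorder: true,
	// Action parses --addr, runs the enclave-tls setup for the selected
	// transport and returns a wrapped error when the setup fails.
	Action: func(cliContext *cli.Context) error {
		logLevelInit := cliContext.String("log-level")
		attester := cliContext.String("attester")
		verifier := cliContext.String("verifier")
		tls := cliContext.String("tls")
		crypto := cliContext.String("crypto")
		mutual := cliContext.Bool("mutual")
		manageCmd := utils.ManageCmd1

		tcpIP, tcpPort, unixSock, err := parseSockAddr(cliContext.String("addr"))
		if err != nil {
			return err
		}

		var ret error
		switch {
		case tcpIP != "" || tcpPort != "":
			// attestation based on enclave-tls in tcp socket
			ret = remoteattestation.EnclaveTlsSetupTcpSock(tcpIP, tcpPort, logLevelInit, attester, verifier, tls, crypto, mutual, manageCmd)
		case unixSock != "":
			ret = remoteattestation.EnclaveTlsSetupUnixSock(unixSock, logLevelInit, attester, verifier, tls, crypto, mutual, manageCmd)
		default:
			// No socket specified: try the default tcp endpoint first. When
			// that fails at the connection level (detected by the error text
			// containing "connection"), retry on the default unix socket.
			// This silently changes transport; the printed notice is the only
			// signal that the fallback happened.
			ret = remoteattestation.EnclaveTlsSetupTcpSock("", "", logLevelInit, attester, verifier, tls, crypto, mutual, manageCmd)
			// Guard on ret != nil: formatting a nil error would yield
			// "%!s(<nil>)" rather than a real message.
			if ret != nil && strings.Contains(ret.Error(), "connection") {
				fmt.Printf("Try to connect default tcp socket failed then retry with default unix socket.\n")
				ret = remoteattestation.EnclaveTlsSetupUnixSock("", logLevelInit, attester, verifier, tls, crypto, mutual, manageCmd)
			}
		}
		if ret != nil {
			// %w keeps the underlying error reachable via errors.Is/errors.As.
			return fmt.Errorf("Remote attestation failed with err: %w \n", ret)
		}
		fmt.Printf("Remote attestation is successful.\n")
		return nil
	},
}

// parseSockAddr splits an --addr value of the form "tcp://ip:port" or
// "unix://path" into (tcpIP, tcpPort, unixSock). An empty addr yields empty
// results and a nil error, which the caller treats as "use the defaults".
//
// The scheme is the text before the first ':' and must be exactly "tcp" or
// "unix"; matching by substring, as the previous code did, would classify a
// unix path containing "tcp" as a tcp address. The tcp host is optional, but
// when present it must parse as an IP literal; the unix path is taken verbatim
// after the "//" prefix, so paths containing ':' are preserved.
func parseSockAddr(addr string) (tcpIP, tcpPort, unixSock string, err error) {
	if addr == "" {
		return "", "", "", nil
	}
	parts := strings.SplitN(addr, ":", 2)
	if len(parts) != 2 {
		return "", "", "", fmt.Errorf("warning: specify tcp or unix socket address with error format.\n")
	}
	scheme, rest := parts[0], parts[1]
	switch scheme {
	case "tcp":
		// Tolerate any number of leading slashes, as the original TrimLeft did.
		host, port, splitErr := net.SplitHostPort(strings.TrimLeft(rest, "/"))
		if splitErr != nil {
			return "", "", "", fmt.Errorf("warning: specify tcp socket address with error format.\n")
		}
		if host != "" && net.ParseIP(host) == nil {
			return "", "", "", fmt.Errorf("warning: specify tcp socket ip address with error format.\n")
		}
		return host, port, "", nil
	case "unix":
		return "", "", strings.TrimPrefix(rest, "//"), nil
	default:
		return "", "", "", fmt.Errorf("warning: specify tcp or unix socket address with error format.\n")
	}
}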