Create module hash for each module in SGX lib-rats (#1745)

Current SGX lib-rats wasm module hash is stored in a global buffer,
which may be overwritten if there are multiple wasm module loadings.
We move the module hash into the enclave module to resolve the issue.

And rename the SGX_IPFS macro/variable in Makefile and Enclave.edl to
make the code more consistent.

And refine the sgx-ra sample document.

core/iwasm/common/wasm_runtime_common.c

@@ -1160,6 +1160,12 @@ wasm_runtime_deinstantiate(WASMModuleInstanceCommon *module_inst)
     wasm_runtime_deinstantiate_internal(module_inst, false);
 }
 
+WASMModuleCommon *
+wasm_runtime_get_module(WASMModuleInstanceCommon *module_inst)
+{
+    return (WASMModuleCommon *)((WASMModuleInstance *)module_inst)->module;
+}
+
 WASMExecEnv *
 wasm_runtime_create_exec_env(WASMModuleInstanceCommon *module_inst,
                              uint32 stack_size)

core/iwasm/common/wasm_runtime_common.h

@@ -488,6 +488,10 @@ wasm_runtime_instantiate(WASMModuleCommon *module, uint32 stack_size,
 WASM_RUNTIME_API_EXTERN void
 wasm_runtime_deinstantiate(WASMModuleInstanceCommon *module_inst);
 
+/* See wasm_export.h for description */
+WASM_RUNTIME_API_EXTERN WASMModuleCommon *
+wasm_runtime_get_module(WASMModuleInstanceCommon *module_inst);
+
 /* See wasm_export.h for description */
 WASM_RUNTIME_API_EXTERN WASMFunctionInstanceCommon *
 wasm_runtime_lookup_function(WASMModuleInstanceCommon *const module_inst,

core/iwasm/include/wasm_export.h

@@ -357,6 +357,17 @@ wasm_runtime_load_from_sections(wasm_section_list_t section_list, bool is_aot,
 WASM_RUNTIME_API_EXTERN void
 wasm_runtime_unload(wasm_module_t module);
 
+/**
+ * Get the module hash of a WASM module, currently only available on
+ * linux-sgx platform when the remote attestation feature is enabled
+ *
+ * @param module the WASM module to retrieve
+ *
+ * @return the module hash of the WASM module
+ */
+char *
+wasm_runtime_get_module_hash(wasm_module_t module);
+
 /**
  * Set WASI parameters.
  *
@@ -444,6 +455,16 @@ wasm_runtime_instantiate(const wasm_module_t module,
 WASM_RUNTIME_API_EXTERN void
 wasm_runtime_deinstantiate(wasm_module_inst_t module_inst);
 
+/**
+ * Get WASM module from WASM module instance
+ *
+ * @param module_inst the WASM module instance to retrieve
+ *
+ * @return the WASM module
+ */
+WASM_RUNTIME_API_EXTERN wasm_module_t
+wasm_runtime_get_module(wasm_module_inst_t module_inst);
+
 WASM_RUNTIME_API_EXTERN bool
 wasm_runtime_is_wasi_mode(wasm_module_inst_t module_inst);
 

core/iwasm/libraries/lib-rats/lib_rats_common.h

@@ -11,9 +11,14 @@
 #include <stdint.h>
 #include <stddef.h>
 
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #define SGX_QUOTE_MAX_SIZE 8192
 #define SGX_USER_DATA_SIZE 64
 #define SGX_MEASUREMENT_SIZE 32
+
 /* clang-format off */
 typedef struct rats_sgx_evidence {
     uint8_t quote[SGX_QUOTE_MAX_SIZE];          /* The quote of the Enclave */
@@ -28,4 +33,8 @@ typedef struct rats_sgx_evidence {
 } rats_sgx_evidence_t;
 /* clang-format on */
 
-#endif
+#ifdef __cplusplus
+}
+#endif
+
+#endif

core/iwasm/libraries/lib-rats/lib_rats_wrapper.c

@@ -16,13 +16,13 @@
 #include "bh_common.h"
 #include "lib_rats_common.h"
 
-extern char wasm_module_hash[SHA256_DIGEST_LENGTH];
-
 static int
 librats_collect_wrapper(wasm_exec_env_t exec_env, char **evidence_json,
                         const char *buffer, uint32_t buffer_size)
 {
     wasm_module_inst_t module_inst = get_module_inst(exec_env);
+    wasm_module_t module = wasm_runtime_get_module(module_inst);
+    char *wasm_module_hash = wasm_runtime_get_module_hash(module);
 
     char *json, *str_ret;
     uint32_t str_ret_offset;
@@ -112,4 +112,4 @@ get_lib_rats_export_apis(NativeSymbol **p_lib_rats_apis)
 {
     *p_lib_rats_apis = native_symbols_lib_rats;
     return sizeof(native_symbols_lib_rats) / sizeof(NativeSymbol);
-}
+}

core/iwasm/libraries/lib-rats/lib_rats_wrapper.h

@@ -10,6 +10,7 @@
 
 #include <stdint.h>
 #include <string.h>
+
 #include "lib_rats_common.h"
 
 #ifdef __cplusplus
@@ -44,4 +45,4 @@ librats_parse_evidence(const char *evidence_json, uint32_t json_size,
 }
 #endif
 
-#endif
+#endif