linux-sgx: Improve the remote attestation (#1695)

The current implementation of remote attestation does not take into
account the integrity of the wasm module. The SHA256 of the wasm
module has been put into user_data to generate the quote, and more
parameters are exposed for further verification.

product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.cpp

@@ -12,6 +12,12 @@
 #include "wasm_export.h"
 #include "bh_platform.h"
 
+#if WASM_ENABLE_LIB_RATS != 0
+#include <openssl/sha.h>
+
+char wasm_module_hash[SHA256_DIGEST_LENGTH];
+#endif
+
 extern "C" {
 typedef int (*os_print_function_t)(const char *message);
 extern void
@@ -243,6 +249,13 @@ handle_cmd_load_module(uint64 *args, uint32 argc)
 
     *(EnclaveModule **)args_org = enclave_module;
 
+#if WASM_ENABLE_LIB_RATS != 0
+    SHA256_CTX sha256;
+    SHA256_Init(&sha256);
+    SHA256_Update(&sha256, wasm_file, wasm_file_size);
+    SHA256_Final((unsigned char *)wasm_module_hash, &sha256);
+#endif
+
     LOG_VERBOSE("Load module success.\n");
 }
 

product-mini/platforms/linux-sgx/enclave-sample/Enclave/Enclave.edl

@@ -3,15 +3,16 @@
  * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
  */
 
-#define LIB_RATS 0
+#define WASM_ENABLE_LIB_RATS 0
 #define SGX_IPFS 0
 
 enclave {
     from "sgx_tstdc.edl" import *;
     from "sgx_pthread.edl" import *;
     from "sgx_wamr.edl" import *;
-#if LIB_RATS != 0
+#if WASM_ENABLE_LIB_RATS != 0
     from "rats.edl" import *;
+    from "sgx_tsgxssl.edl" import *;
 #endif
 #if SGX_IPFS != 0
     from "sgx_tprotected_fs.edl" import *;