Calling into thim agent to get collateral.

src/Linux/curl_easy.cpp

@@ -10,16 +10,24 @@
 #include <limits>
 #include <locale>
 #include "private.h"
+#include <string.h>
 
 #ifdef __LINUX__
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include <unistd.h>
 #else
 #include <PathCch.h>
 #include <shlwapi.h>
 #include <strsafe.h>
 #endif
 
+///////////////////////////////////////////////////////////////////////////////
+// Constants
+///////////////////////////////////////////////////////////////////////////////
+static constexpr int maximum_retries = 3;
+static constexpr int initial_retry_delay_ms = 2000;
+
 ///////////////////////////////////////////////////////////////////////////////
 // Local Helper Functions
 ///////////////////////////////////////////////////////////////////////////////
@@ -70,7 +78,7 @@ char const* curl_easy::error::what() const noexcept
 ///////////////////////////////////////////////////////////////////////////////
 // curl_easy implementation
 ///////////////////////////////////////////////////////////////////////////////
-std::unique_ptr<curl_easy> curl_easy::create(const std::string& url, const std::string* const p_body)
+std::unique_ptr<curl_easy> curl_easy::create(const std::string& url, const std::string* const p_body, unsigned long dwflag, std::wstring httpVerb)
 {
     std::unique_ptr<curl_easy> easy(new curl_easy);
 
@@ -90,9 +98,17 @@ std::unique_ptr<curl_easy> curl_easy::create(const std::string& url, const std::
     easy->set_opt_or_throw(CURLOPT_FAILONERROR, 1L);
     easy->set_opt_or_throw(CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2);
 
+
+    if (wcscasecmp(httpVerb.c_str(), L"POST") == 0)
+    {
+        easy->set_opt_or_throw(CURLOPT_POST, 1L);
+    }
+    else
+    {
+        easy->set_opt_or_throw(CURLOPT_HTTPGET, 1L);
+    }
     if (p_body != nullptr && !p_body->empty())
     {
-        easy->set_opt_or_throw(CURLOPT_CUSTOMREQUEST, "GET");
         easy->set_opt_or_throw(CURLOPT_COPYPOSTFIELDS, p_body->c_str());
     }
 
@@ -128,14 +144,29 @@ curl_easy::~curl_easy()
 
 void curl_easy::perform() const
 {
-    CURLcode result = curl_easy_perform(handle);
-    if (result == CURLE_HTTP_RETURNED_ERROR)
+    int retry_delay = initial_retry_delay_ms;
+    int attempts = 0;
+    long http_code = 0;
+    do
     {
-        long http_code = 0;
-        curl_easy_getinfo (handle, CURLINFO_RESPONSE_CODE, &http_code);
-        log(SGX_QL_LOG_ERROR, "HTTP error (%zd)", http_code);
-    }
-    throw_on_error(result, "curl_easy_perform");
+        CURLcode result = curl_easy_perform(handle);
+        if ((result == CURLE_OPERATION_TIMEDOUT) && (attempts <= maximum_retries))
+	{
+	    attempts++;
+	    curl_easy_getinfo (handle, CURLINFO_RESPONSE_CODE, &http_code);   
+            log(SGX_QL_LOG_ERROR, "HTTP error (%zd)", http_code);
+            sleep(retry_delay);
+            retry_delay *= 2;
+            continue;
+         }
+	if (result == CURLE_HTTP_RETURNED_ERROR)
+        {
+            curl_easy_getinfo (handle, CURLINFO_RESPONSE_CODE, &http_code);
+            log(SGX_QL_LOG_ERROR, "HTTP error (%zd)", http_code);
+        }
+        throw_on_error(result, "curl_easy_perform");
+        return;
+    }while(true);
 }
 
 const std::vector<uint8_t>& curl_easy::get_body() const

src/Linux/curl_easy.h

@@ -36,7 +36,11 @@ class curl_easy
         char function[128]{};
     };
 
-    static std::unique_ptr<curl_easy> create(const std::string& url, const std::string* const p_body);
+    static std::unique_ptr<curl_easy> create(
+        const std::string& url,
+        const std::string* const p_body,
+        unsigned long dwFlags = 0,
+        std::wstring httpVerb = L"GET");
 
     ~curl_easy();
 

src/UnitTest/test_quote_prov.cpp

@@ -101,44 +101,80 @@ static constexpr uint8_t TEST_FMSPC[] = {0x00, 0x90, 0x6E, 0xA1, 0x00, 0x00};
 static constexpr uint8_t ICX_TEST_FMSPC[] =
     {0x00, 0x60, 0x6a, 0x00, 0x00, 0x00};
 
-// Test input (choose an arbitrary Azure server)
-static uint8_t qe_id[16] = {
-    0x00,
-    0xfb,
-    0xe6,
-    0x73,
-    0x33,
-    0x36,
-    0xea,
-    0xf7,
-    0xa4,
-    0xe3,
-    0xd8,
-    0xb9,
-    0x66,
-    0xa8,
-    0x2e,
-    0x64};
-
-static sgx_cpu_svn_t cpusvn = {
-    0x04,
-    0x04,
-    0x02,
-    0x04,
-    0xff,
-    0x80,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00,
-    0x00};
+ // Test input (choose an arbitrary Azure server)
+// static uint8_t qe_id[16] = {
+//    0x00,
+//    0xfb,
+//    0xe6,
+//    0x73,
+//    0x33,
+//    0x36,
+//    0xea,
+//    0xf7,
+//    0xa4,
+//    0xe3,
+//    0xd8,
+//    0xb9,
+//    0x66,
+//    0xa8,
+//    0x2e,
+//    0x64};
+
+static uint8_t qe_id[16] = {0x4e,
+                            0x77,
+                            0xbd,
+                            0x62,
+                            0xf4,
+                            0x64,
+                            0x0b,
+                            0xda,
+                            0x77,
+                            0xf6,
+                            0x77,
+                            0x97,
+                            0x60,
+                            0x9c,
+                            0xd8,
+                            0xed};
+
+// static sgx_cpu_svn_t cpusvn = {
+//    0x04,
+//    0x04,
+//    0x02,
+//    0x04,
+//    0xff,
+//    0x80,
+//    0x00,
+//    0x00,
+//    0x00,
+//    0x00,
+//    0x00,
+//    0x00,
+//    0x00,
+//    0x00,
+//    0x00,
+//    0x00};
+
+static sgx_cpu_svn_t cpusvn = {0x04,
+                               0x04,
+                               0x02,
+                               0x04,
+                               0x01,
+                               0x80,
+                               0x00,
+                               0x00,
+                               0x00,
+                               0x00,
+                               0x00,
+                               0x00,
+                               0x00,
+                               0x00,
+                               0x00,
+                               0x00};
+// static sgx_isv_svn_t pcesvn = 6;
+
+static sgx_isv_svn_t pcesvn = 5;
 
-static sgx_isv_svn_t pcesvn = 6;
 
 static sgx_ql_pck_cert_id_t id = {qe_id, sizeof(qe_id), &cpusvn, &pcesvn, 0};
 
@@ -458,7 +494,7 @@ static void GetCrlTest()
 {
     // This is the CRL DP used by Intel for leaf certs
     static const char* TEST_CRL_URL =
-        "https://api.trustedservices.intel.com/sgx/certification/v1/"
+        "https://api.trustedservices.intel.com/sgx/certification/v3/"
         "pckcrl?ca=processor";
 
     sgx_ql_get_revocation_info_params_t params = {
@@ -927,7 +963,11 @@ void SetupEnvironment(std::string version)
 #if defined __LINUX__
     setenv(
         "AZDCAP_BASE_CERT_URL",
-        "https://global.acccache.azure.net/sgx/certificates",
+        "https://global.acccache.azure.net/sgx/certificates/",
+        1);
+    setenv(
+        "AZDCAP_THIM_AGENT_URL",
+        "http://169.254.169.254/metadata/THIM/sgx/certificates?",
         1);
     setenv("AZDCAP_CLIENT_ID", "AzureDCAPTestsLinux", 1);
     if (!version.empty())
@@ -943,9 +983,15 @@ void SetupEnvironment(std::string version)
     }
     EXPECT_TRUE(SetEnvironmentVariableA(
         "AZDCAP_BASE_CERT_URL",
-        "https://global.acccache.azure.net/sgx/certificates"));
+        "https://global.acccache.azure.net/sgx/certificates/"));
+    EXPECT_TRUE(SetEnvironmentVariableA(
+        "AZDCAP_THIM_AGENT_URL",
+        "http://127.0.0.1:90/metadata/THIM/sgx/certificates?"));
     EXPECT_TRUE(
         SetEnvironmentVariableA("AZDCAP_CLIENT_ID", "AzureDCAPTestsWindows"));
+    EXPECT_TRUE(
+        SetEnvironmentVariableA("AZDCAP_CID", "cid=0"));
+
 #endif
 }
 
@@ -997,6 +1043,7 @@ TEST(testQuoteProv, quoteProviderTestsV2DataFromService)
     // Get the data from the service
     //
     SetupEnvironment("v2");
+
     ASSERT_TRUE(RunQuoteProviderTests());
     ASSERT_TRUE(GetQveIdentityTest());