From 7f41847fdebc1352ec2d294bcc6e9ab97b914cff Mon Sep 17 00:00:00 2001 From: Ramakrishna Srinivasamurthy Date: Thu, 12 Nov 2020 14:46:16 +0530 Subject: [PATCH] Create Avalon attestation verification service 1. Attestation verification service to do verify IAS AVR, DCAP quote 2. Service listens on HTTP based jrpc listener and uses format json-rpc 3. Python API makes to call to attestation service 4. Shell container having pure python packages and become light-weight. Signed-off-by: Ramakrishna Srinivasamurthy --- BUILD.md | 3 +- avs/Dockerfile | 220 ++++++++++++++++++ avs/Makefile | 47 ++++ .../__init__.py | 15 ++ .../verification_service.py | 123 ++++++++++ avs/setup.py | 48 ++++ ci/docker-compose-direct-model.yaml | 20 +- .../verify_attestation_report.py | 54 +++++ common/crypto_utils/tests/run_test.sh | 2 +- .../verify_attestation_report.py | 2 +- docker-compose.yaml | 24 ++ docker/Dockerfile | 92 -------- docker/k8s/fabric/README.md | 2 +- docker/lb/README.md | 6 +- docs/TestingBesuProxyModel.rst | 2 +- docs/TestingFabricProxyModel.rst | 4 +- docs/TestingGanacheProxyModel.rst | 2 +- docs/graphene-workload-tutorial/README.md | 2 +- docs/workload-tutorial/README.md | 16 +- examples/apps/generic_client/README.md | 16 +- .../generic_client/base_generic_client.py | 10 +- .../apps/generic_client/generic_client.py | 15 +- examples/apps/heart_disease_eval/README.md | 4 +- sdk/TestingContracts.md | 2 +- tests/Demo.py | 29 +++ tests/test_ias_attestation.py | 2 +- tools/clean.sh | 2 +- tools/rebuild.sh | 2 +- tools/run_proxy_model_tests.sh | 5 +- tools/run_tests.sh | 37 +-- 30 files changed, 664 insertions(+), 144 deletions(-) create mode 100644 avs/Dockerfile create mode 100644 avs/Makefile create mode 100644 avs/attestation_verification_service/__init__.py create mode 100644 avs/attestation_verification_service/verification_service.py create mode 100644 avs/setup.py create mode 100644 common/crypto_utils/avalon_crypto_utils/verify_attestation_report.py diff --git a/BUILD.md b/BUILD.md index 70e235e5b..2a73ce751 100644 --- a/BUILD.md +++ b/BUILD.md @@ -117,7 +117,8 @@ These docker compose files can be further customized to run multiple worker pool 3. When submitting work orders using any of the sample client applications, `--worker_id` argument needs to be mentioned explicitly to choose one of the workers in the system (Note : Each pool represents a single worker). For example: ```bash ./generic_client.py -o --uri "http://avalon-listener:1947" \ - --workload_id "echo-result" --in_data "Hello" --worker_id worker-pool-2 + --workload_id "echo-result" --in_data "Hello" --worker_id worker-pool-2 \ + -avs "http://avalon-avs:6090" ``` # Standalone Build diff --git a/avs/Dockerfile b/avs/Dockerfile new file mode 100644 index 000000000..d0d345bf7 --- /dev/null +++ b/avs/Dockerfile @@ -0,0 +1,220 @@ +# Copyright 2020 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ------------------------------------------------------------------------------ + +# Description: +# Builds Avalon attestaion verification service +# verification service +# +# Configuration (build) parameters +# - proxy configuration: https_proxy http_proxy ftp_proxy +# +# Build: +# $ docker build docker -f avs/Dockerfile -t avalon-avs-dev +# if behind a proxy, you might want to add also below options +# --build-arg https_proxy=$https_proxy --build-arg http_proxy=$http_proxy --build-arg ftp_proxy=$ftp_proxy + +# -------------=== build avalon attestation verification service image ===------------- +FROM ubuntu:bionic as base_image + +# Ignore timezone prompt in apt +ENV DEBIAN_FRONTEND=noninteractive + +# Add necessary packages +RUN apt-get update \ + && apt-get install -y -q \ + software-properties-common \ + python3-requests \ + python3-colorlog \ + python3-twisted \ + && apt-get clean + +# Make Python3 default +RUN ln -sf /usr/bin/python3 /usr/bin/python + + +# -------------=== python build ===------------- + +#Build python intermediate docker image +FROM ubuntu:bionic as python_image + + +# Add necessary packages +RUN apt-get update \ + && apt-get install -y -q \ + ca-certificates \ + pkg-config \ + python3-pip \ + python3-dev \ + make \ + && apt-get clean + +# Install setuptools packages using pip because +# these are not available in apt repository. +RUN pip3 install setuptools + +# Make Python3 default +RUN ln -sf /usr/bin/python3 /usr/bin/python + +# -------------=== Build openssl_image ===------------- + +#Build openssl intermediate docker image +FROM ubuntu:bionic as openssl_image + +RUN apt-get update \ + && apt-get install -y -q \ + ca-certificates \ + pkg-config \ + make \ + wget \ + tar \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + +WORKDIR /tmp + +# Build ("Untrusted") OpenSSL +RUN OPENSSL_VER=1.1.1g \ + && wget https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \ + && tar -zxf openssl-$OPENSSL_VER.tar.gz \ + && cd openssl-$OPENSSL_VER/ \ + && ./config \ + && THREADS=8 \ + && make -j$THREADS \ + && make test \ + && make install -j$THREADS + + +# -------------=== common/cpp build ===------------- + +#Build common/cpp intermediate docker image +FROM ubuntu:bionic as common_cpp_image + +RUN apt-get update \ + && apt-get install -y -q \ + pkg-config \ + cmake \ + make + + +# Copy openssl build artifacts from openssl_image +COPY --from=openssl_image /usr/local/ssl /usr/local/ssl +COPY --from=openssl_image /usr/local/bin /usr/local/bin +COPY --from=openssl_image /usr/local/include /usr/local/include +COPY --from=openssl_image /usr/local/lib /usr/local/lib + +RUN ldconfig \ + && ln -s /etc/ssl/certs/* /usr/local/ssl/certs/ + +ENV TCF_HOME=/project/avalon + +COPY ./common/cpp /project/avalon/common/cpp + +WORKDIR /project/avalon/common/cpp + +RUN mkdir -p build \ + && cd build \ + && cmake .. -DUNTRUSTED_ONLY=1 \ + && make + + +# -------------=== common/python build ===------------- + +#Build common/python intermediate docker image +FROM python_image as common_python_image + +COPY VERSION /project/avalon/ +COPY ./bin /project/avalon/bin + +ENV TCF_HOME=/project/avalon + +COPY ./common/python /project/avalon/common/python + +WORKDIR /project/avalon/common/python + +RUN echo "Building Avalon Common Python\n" \ + && make + + +# -------------=== common/verify_report_utils build ===------------- + +#Build common/verify_report_utils intermediate docker image +FROM python_image as verify_report_utils + +RUN apt-get update \ + && apt-get install -y -q \ + swig + +# Copy openssl build artifacts from openssl_image +COPY --from=openssl_image /usr/local/ssl /usr/local/ssl +COPY --from=openssl_image /usr/local/bin /usr/local/bin +COPY --from=openssl_image /usr/local/include /usr/local/include +COPY --from=openssl_image /usr/local/lib /usr/local/lib + +RUN ldconfig \ + && ln -s /etc/ssl/certs/* /usr/local/ssl/certs/ + +COPY --from=common_cpp_image /project/avalon/common/cpp/build /project/avalon/common/cpp/build +COPY VERSION /project/avalon/ +COPY ./bin /project/avalon/bin +COPY ./common/cpp /project/avalon/common/cpp + +ENV TCF_HOME=/project/avalon + +COPY ./common/verify_report_utils/ias /project/avalon/common/verify_report_utils/ias + +WORKDIR /project/avalon/common/verify_report_utils/ias + +RUN echo "Building Avalon Verify Report Utils\n" \ + && make + + +# Build image for attestation version service +FROM python_image as build_avs + +#Environment setup +ENV TCF_HOME=/project/avalon + +WORKDIR /project/avalon/ + +COPY ./avs /project/avalon/avs +COPY VERSION /project/avalon/ +COPY ./bin /project/avalon/bin + +WORKDIR /project/avalon/avs + +RUN echo "Building Avalon Attestation Verification service\n" \ + && make + + +# Build Final image and install dependent modules +FROM base_image as final_image + +COPY --from=common_python_image /project/avalon/common/python/dist/*.whl dist/ +COPY --from=verify_report_utils /project/avalon/common/verify_report_utils/ias/dist/*.whl dist/ +COPY --from=build_avs /project/avalon/avs/dist/*.whl dist/ + +# Installing wheel file requires python3-pip package. +# But python3-pip package will increase size of final docker image. +# So remove python3-pip package and dependencies after installing wheel file. +RUN apt-get update \ + && apt-get install -y -q python3-pip \ + && echo "Install Attestation verification service \n" \ + && pip3 install dist/*.whl \ + && pip3 install json-rpc \ + && echo "Remove unused packages from image\n" \ + && apt-get autoremove --purge -y -q python3-pip \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* + diff --git a/avs/Makefile b/avs/Makefile new file mode 100644 index 000000000..9a4bf3e10 --- /dev/null +++ b/avs/Makefile @@ -0,0 +1,47 @@ +# Copyright 2020 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +PY_VERSION=${shell python3 --version | sed 's/Python \(3\.[0-9]\).*/\1/' | cut -b 1} +MOD_VERSION=${shell ../bin/get_version} + +WHEEL_FILE=dist/attestation_verification_service-${MOD_VERSION}-py${PY_VERSION}-none-any.whl + +all : $(WHEEL_FILE) + +$(WHEEL_FILE): build_ext + @echo Build Distribution + python3 setup.py bdist_wheel + +build_ext: + @echo Build build_ext + python3 setup.py build_ext + +build : + mkdir $@ + +install: + @echo INSTALLING WHEEL FILE ================= + pip3 install $(WHEEL_FILE) + +clean: + if pip3 uninstall --yes $(WHEEL_FILE); then \ + echo UNINSTALLED $(WHEEL_FILE); fi + rm -rf build deps dist *.egg-info + find . -iname '*.pyc' -delete + find . -iname '__pycache__' -delete + + +.PHONY : all +.PHONY : clean +.PHONY : install diff --git a/avs/attestation_verification_service/__init__.py b/avs/attestation_verification_service/__init__.py new file mode 100644 index 000000000..f046bc81c --- /dev/null +++ b/avs/attestation_verification_service/__init__.py @@ -0,0 +1,15 @@ +# Copyright 2020 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +all = [] diff --git a/avs/attestation_verification_service/verification_service.py b/avs/attestation_verification_service/verification_service.py new file mode 100644 index 000000000..2b94427aa --- /dev/null +++ b/avs/attestation_verification_service/verification_service.py @@ -0,0 +1,123 @@ +#!/usr/bin/env python3 + +# Copyright 2020 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import logging +import json +import sys +import argparse +from listener.base_jrpc_listener import BaseJRPCListener, parse_bind_url +import verify_report.verify_attestation_report as attestation_util +from jsonrpc.exceptions import JSONRPCDispatchException + +logging.basicConfig(format="%(asctime)s - %(levelname)s - %(message)s", + level=logging.INFO) + + +class VerificationService(BaseJRPCListener): + """ + Listener to handle requests from Clients to verify + attestion verification request to verify report/quote + """ + + # The isLeaf instance variable describes whether a resource will have + # children and only leaf resources get rendered. VerificationService + # Listeneris a leaf. + # node in the derivation tree and hence isLeaf is required. + isLeaf = True + + def __init__(self): + """ + Pass through the rpc methods to the + constructor of the BaseJRPCListener. + Parameters : + rpc_methods - An array of RPC methods to which requests will + be dispatched. + """ + self.VERIFICATION_SUCCESS = 0 + self.VERIFICATION_FAILED = 1 + rpc_methods = [ + self.VerifyIASAttestationReport, + self.VerifyDCAPQuote + ] + super().__init__(rpc_methods) + + def VerifyIASAttestationReport(self, **params): + """ + RPC handler method registered with attestation + verification service to verify IAS AVR. + Parameters : + @param params - variable-length argument list + Returns : + @returns response - A jrpc response + """ + try: + input_json_str = params["raw"] + input_value_json = json.loads(input_json_str) + status = attestation_util.verify_ias_attestation_report( + input_value_json["params"]) + if status: + msg = "IAS attestation report verification success" + logging.info(msg) + code = self.VERIFICATION_SUCCESS + else: + msg = "IAS attestation report verification failed" + logging.error(msg) + code = self.VERIFICATION_FAILED + except Exception as ex: + msg = "Verifying attestation report FAILED with " + \ + str(ex) + logging.error(msg) + code = self.VERIFICATION_FAILED + + if code: + raise JSONRPCDispatchException( + code, + msg + ) + else: + return { + "code": code, + "message": msg + } + + def VerifyDCAPQuote(self, **params): + """ + RPC handler method registered with attestation + verification service to verify DCAP quote. + Parameters : + @param params - variable-length argument list + Returns : + @returns response - A jrpc response + """ + #TODO: To be implemented + return None + + +def main(args=None): + parser = argparse.ArgumentParser() + parser.add_argument( '-b', + '--bind', help='URI to listen for requests ', type=str) + options = parser.parse_args(args) + if options.bind: + host_name, port = parse_bind_url(options.bind) + else: + logging.error("Missing bind parameter!") + sys.exit(-1) + listener = VerificationService() + listener.start(host_name, port) + logging.info("Started attestation verification service listener") + +main() diff --git a/avs/setup.py b/avs/setup.py new file mode 100644 index 000000000..ba212128b --- /dev/null +++ b/avs/setup.py @@ -0,0 +1,48 @@ +#!/usr/bin/env python + +# Copyright 2018-2020 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os +import sys +import subprocess + +# This should only be run with python3 +import sys +if sys.version_info[0] < 3: + print('ERROR: must run with python3') + sys.exit(1) + +from setuptools import setup, find_packages + +tcf_root_dir = os.environ.get('TCF_HOME', '../') +version = subprocess.check_output( + os.path.join(tcf_root_dir, 'bin/get_version')).decode('ascii').strip() + +setup(name='attestation_verification_service', + version = version, + description = 'Avalon SGX Attestation Verification service', + author = 'Hyperledger Avalon', + url = 'https://github.com/hyperledger/avalon', + packages = find_packages(), + install_requires = [ + 'requests' + ], + ext_modules = [], + data_files = [], + entry_points = { + 'console_scripts': + ['attestation_verification_service = attestation_verification_service.verification_service:main'] + } +) diff --git a/ci/docker-compose-direct-model.yaml b/ci/docker-compose-direct-model.yaml index 98fdd89e4..ebe1e15a7 100644 --- a/ci/docker-compose-direct-model.yaml +++ b/ci/docker-compose-direct-model.yaml @@ -28,10 +28,11 @@ services: - DISTRO=$DISTRO working_dir: "/project/avalon/" entrypoint: "bash -c \"\ - ./tools/run_tests.sh -l avalon-listener \"" + ./tools/run_tests.sh -l avalon-listener -a avalon-avs \"" depends_on: - avalon-enclave-manager - avalon-listener + - avalon-avs avalon-enclave-manager: image: avalon-enclave-manager:${ISOLATION_ID} @@ -95,3 +96,20 @@ services: depends_on: - avalon-lmdb + avalon-avs: + image: avalon-avs:${ISOLATION_ID} + build: + context: .. + dockerfile: ./avs/Dockerfile + args: + - http_proxy + - https_proxy + - no_proxy + expose: + - 6090 + command: | + bash -c " + attestation_verification_service --bind http://avalon-avs:6090 + tail -f /dev/null + " + diff --git a/common/crypto_utils/avalon_crypto_utils/verify_attestation_report.py b/common/crypto_utils/avalon_crypto_utils/verify_attestation_report.py new file mode 100644 index 000000000..0ec23bcdb --- /dev/null +++ b/common/crypto_utils/avalon_crypto_utils/verify_attestation_report.py @@ -0,0 +1,54 @@ +# Copyright 2020 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import json +import uuid +import logging +from http_client.http_jrpc_client import HttpJrpcClient +logger = logging.getLogger(__name__) + + +def verify_attestation_report(enclave_info, uri): + ''' + Function to verify quote status, signature of IAS attestation report + @params enclave_info - dict containing attestation report + @params uri is end point of avalon attestation service + ''' + + uri_client = HttpJrpcClient(uri) + # uuid4 generates random uuid and fetching + # field time_hi_version which is 16bits length + verify_report_req = { + "jsonrpc": "2.0", + "id": uuid.uuid4().fields[2], + "params": enclave_info, + "method": "VerifyIASAttestationReport" + } + json_request_str = json.dumps(verify_report_req) + try: + response = uri_client._postmsg(json_request_str) + except Exception as err: + logger.error( + "Exception occurred in communication with Attestation Service") + raise err + logger.info("Response from Attestation service %s", response) + + if "result" in response: + # Response has jrpc code is 0 on success and 1 on failure + if response["result"]["code"]: + return False + else: + return True + else: + return False diff --git a/common/crypto_utils/tests/run_test.sh b/common/crypto_utils/tests/run_test.sh index cd468b1d2..62757f270 100755 --- a/common/crypto_utils/tests/run_test.sh +++ b/common/crypto_utils/tests/run_test.sh @@ -64,7 +64,7 @@ elif [ $1 == "clean" ]; then cd $TCF_HOME//common/crypto_utils make clean - cd $TCF_HOME/common/verify_report_utils/ + cd $TCF_HOME/common/verify_report_utils/ias make clean cd $TCF_HOME/sdk diff --git a/common/verify_report_utils/ias/verify_report/verify_attestation_report.py b/common/verify_report_utils/ias/verify_report/verify_attestation_report.py index a9f4fba36..b967c5759 100644 --- a/common/verify_report_utils/ias/verify_report/verify_attestation_report.py +++ b/common/verify_report_utils/ias/verify_report/verify_attestation_report.py @@ -20,7 +20,7 @@ logger = logging.getLogger(__name__) -def verify_attestation_report(enclave_info): +def verify_ias_attestation_report(enclave_info): ''' Function to verify quote status, signature of IAS attestation report ''' diff --git a/docker-compose.yaml b/docker-compose.yaml index 6fb249512..86f36c48c 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -44,6 +44,7 @@ services: depends_on: - avalon-enclave-manager - avalon-listener + - avalon-avs avalon-enclave-manager: container_name: avalon-enclave-manager @@ -130,3 +131,26 @@ services: " depends_on: - avalon-lmdb + + avalon-avs: + container_name: avalon-avs + image: avalon-avs-dev + build: + context: . + dockerfile: ./avs/Dockerfile + args: + - http_proxy + - https_proxy + - no_proxy + environment: + - http_proxy + - https_proxy + - no_proxy + expose: + - 6090 + command: | + bash -c " + attestation_verification_service --bind http://avalon-avs:6090 + tail -f /dev/null + " + diff --git a/docker/Dockerfile b/docker/Dockerfile index 001489b61..9ddddef1b 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -65,78 +65,6 @@ RUN packages="ca-certificates pkg-config python3-pip make" \ fi; \ /project/avalon/scripts/install_packages -c install -q "$packages" -p "$pip_packages" -# -------------=== Build openssl_image ===------------- - -FROM $IMAGE as openssl_image -ARG DISTRO - -COPY ./scripts/install_packages /project/avalon/scripts/ - -RUN packages="ca-certificates pkg-config make wget tar"; \ - if [ "$DISTRO" = "centos" ] ; then \ - packages="$packages perl gcc"; \ - fi; \ - /project/avalon/scripts/install_packages -c install -q "$packages" - -WORKDIR /tmp - -# Build ("Untrusted") OpenSSL -RUN OPENSSL_VER=1.1.1g \ - && wget https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz \ - && tar -zxf openssl-$OPENSSL_VER.tar.gz \ - && cd openssl-$OPENSSL_VER/ \ - && ./config \ - && THREADS=8 \ - && make -j$THREADS \ - && make test \ - && make install -j$THREADS - -# Created an empty /usr/local/lib64 dir for bionic, because in case of centos -# we need to COPY /usr/local/lib64 for openssl artifacts which will fail for bionic -# as bionic doesn't have this directory. -RUN if [ "$DISTRO" = "bionic" ] ; then \ - mkdir /usr/local/lib64; \ - fi - -# -------------=== common/cpp build ===------------- - -#Build common/cpp intermediate docker image -FROM $IMAGE as common_cpp_image -ARG DISTRO -COPY ./scripts/install_packages /project/avalon/scripts/ - -RUN packages="pkg-config make cmake "; \ - if [ "$DISTRO" = "centos" ] ; then \ - packages="$packages gcc gcc-c++"; \ - fi; \ - /project/avalon/scripts/install_packages -c install -q "$packages" - -# Copy openssl build artifacts from openssl_image -COPY --from=openssl_image /usr/local/ssl /usr/local/ssl -COPY --from=openssl_image /usr/local/bin /usr/local/bin -COPY --from=openssl_image /usr/local/include /usr/local/include -COPY --from=openssl_image /usr/local/lib /usr/local/lib -# In case of openssl, artifacts are installed at /usr/local/lib64 -COPY --from=openssl_image /usr/local/lib64 /usr/local/lib64 - -RUN ldconfig \ - && ln -s /etc/ssl/certs/* /usr/local/ssl/certs/ - -ENV TCF_HOME=/project/avalon - -# For centos, /usr/local/lib64/pkgconfig/ path be included in PKG_CONFIG_PATH -ENV PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/usr/local/lib64/pkgconfig/ - -COPY ./common/cpp /project/avalon/common/cpp - -WORKDIR /project/avalon/common/cpp - -RUN mkdir -p build \ - && cd build \ - && cmake .. -DUNTRUSTED_ONLY=1 \ - && make - - # -------------=== common/python build ===------------- #Build common/python intermediate docker image @@ -168,18 +96,6 @@ RUN packages="swig"; \ fi; \ /project/avalon/scripts/install_packages -c install -q "$packages" -# Copy openssl build artifacts from openssl_image -COPY --from=openssl_image /usr/local/ssl /usr/local/ssl -COPY --from=openssl_image /usr/local/bin /usr/local/bin -COPY --from=openssl_image /usr/local/include /usr/local/include -COPY --from=openssl_image /usr/local/lib /usr/local/lib -# In case of openssl, artifacts are installed at /usr/local/lib64 -COPY --from=openssl_image /usr/local/lib64 /usr/local/lib64 - -RUN ldconfig \ - && ln -s /etc/ssl/certs/* /usr/local/ssl/certs/ - -COPY --from=common_cpp_image /project/avalon/common/cpp/build /project/avalon/common/cpp/build COPY VERSION /project/avalon/ COPY ./bin /project/avalon/bin COPY ./common/cpp /project/avalon/common/cpp @@ -196,13 +112,6 @@ WORKDIR /project/avalon/common/crypto_utils RUN echo "Building Avalon Common Crypto Python\n" \ && make -COPY ./common/verify_report_utils/ias /project/avalon/common/verify_report_utils/ias - -WORKDIR /project/avalon/common/verify_report_utils/ias - -RUN echo "Building Avalon Verify IAS Report Utils\n" \ - && make - # -------------=== Avalon SDK build ===------------- #Build Avalon SDK intermediate docker image @@ -276,7 +185,6 @@ COPY ./sdk/avalon_sdk/connector/blockchains/ethereum/contracts /project/avalon/s # Copy Python build artifacts COPY --from=common_python_image /project/avalon/common/python/dist/*.whl dist/ COPY --from=common_crypto_utils_image /project/avalon/common/crypto_utils/dist/*.whl dist/ -COPY --from=common_crypto_utils_image /project/avalon/common/verify_report_utils/ias/dist/*.whl dist/ COPY --from=avalon_sdk_image /project/avalon/sdk/dist/*.whl dist/ # Installing wheel file requires python3-pip package. diff --git a/docker/k8s/fabric/README.md b/docker/k8s/fabric/README.md index d86a466dd..736f23cd8 100644 --- a/docker/k8s/fabric/README.md +++ b/docker/k8s/fabric/README.md @@ -62,7 +62,7 @@ This serves as a playground to setup k8s cluster for Avalon Fabric proxy model. ```bash cd examples/apps/generic_client ./generic_client.py -b fabric --workload_id "echo-result" --in_data "Hello" \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://avalon-avs:6090" ``` NOTE: `worker_id` should match with worker id of singleton enclave manager. diff --git a/docker/lb/README.md b/docker/lb/README.md index 97f106623..7016cee57 100644 --- a/docker/lb/README.md +++ b/docker/lb/README.md @@ -24,7 +24,8 @@ coming from clients to one of the many avalon-listeners running in backend. # run the transaction cd examples/apps/generic_client - ./generic_client.py --uri "http://avalon-lb-nginx:9947" --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" + ./generic_client.py --uri "http://avalon-lb-nginx:9947" --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" \ + -avs "http://avalon-avs:6090" ``` @@ -54,5 +55,6 @@ coming from clients to one of the many avalon-listeners running in backend. # run the transaction cd examples/apps/generic_client - ./generic_client.py --uri "http://avalon-lb-haproxy:9947" --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" + ./generic_client.py --uri "http://avalon-lb-haproxy:9947" --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" \ + -avs "http://avalon-avs:6090" ``` diff --git a/docs/TestingBesuProxyModel.rst b/docs/TestingBesuProxyModel.rst index 41d00469d..48f188237 100644 --- a/docs/TestingBesuProxyModel.rst +++ b/docs/TestingBesuProxyModel.rst @@ -110,7 +110,7 @@ To run Besu with Hyperledger Avalon, follow these steps: docker exec -it avalon-shell bash cd examples/apps/generic_client/ ./generic_client.py -b ethereum --workload_id "echo-result" -o --in_data "Hello" \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://avalon-avs:6090" NOTE: ``worker_id`` should match with worker id of singleton enclave manager or target worker pool. This ``worker_id`` can either be the command line argument passed in to the enclave manager (Singleton or KME) diff --git a/docs/TestingFabricProxyModel.rst b/docs/TestingFabricProxyModel.rst index 7b189af4e..50bed5513 100644 --- a/docs/TestingFabricProxyModel.rst +++ b/docs/TestingFabricProxyModel.rst @@ -81,7 +81,7 @@ follow these steps: docker exec -it avalon-shell bash cd examples/apps/generic_client/ ./generic_client.py -b fabric --workload_id "echo-result" --in_data "Hello" -o \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://avalon-avs:6090" NOTE: ``worker_id`` should match with worker id of singleton enclave manager or target worker pool. This ``worker_id`` can either be the command line argument passed in to the enclave manager (Singleton or KME) @@ -146,7 +146,7 @@ requires below changes. docker exec -it avalon-shell bash cd examples/apps/generic_client/ ./generic_client.py -b fabric --workload_id "echo-result" --in_data "Hello" -o \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://avalon-avs:6090" Troubleshooting diff --git a/docs/TestingGanacheProxyModel.rst b/docs/TestingGanacheProxyModel.rst index d45ccba18..570e84a1c 100644 --- a/docs/TestingGanacheProxyModel.rst +++ b/docs/TestingGanacheProxyModel.rst @@ -111,7 +111,7 @@ To run Ganache with Hyperledger Avalon, follow these steps: docker exec -it avalon-shell bash cd examples/apps/generic_client/ ./generic_client.py -b ethereum --workload_id "echo-result" -o --in_data "Hello" \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://avalon-avs:6090" NOTE: ``worker_id`` should match with worker id of singleton enclave manager or target worker pool. This ``worker_id`` can either be the command line argument passed in to the enclave manager (Singleton or KME) diff --git a/docs/graphene-workload-tutorial/README.md b/docs/graphene-workload-tutorial/README.md index 7353d9bd9..4996d606e 100644 --- a/docs/graphene-workload-tutorial/README.md +++ b/docs/graphene-workload-tutorial/README.md @@ -39,7 +39,7 @@ docker-compose -f docker-compose.yaml -f docker/compose/avalon-graphene.yaml up You could then test it by getting into the `avalon-shell` container and invoking the generic client. For example, run the generic client from `/project/avalon/examples/app/generic_client` as - ``` ./generic_client.py --uri "http://avalon-listener:1947" -w "graphene-worker-1" --workload_id \ -"python-palindrome" --in_data "God save Eva s dog" -o +"python-palindrome" --in_data "God save Eva s dog" -o -avs "http://avalon-avs:6090" ``` ### Running with Graphene SGX diff --git a/docs/workload-tutorial/README.md b/docs/workload-tutorial/README.md index 235dae2c2..8d645a44a 100644 --- a/docs/workload-tutorial/README.md +++ b/docs/workload-tutorial/README.md @@ -208,7 +208,7 @@ will be created next in [Phase 2](#phase2). ```bash examples/apps/generic_client/generic_client.py -o \ --workload_id "hello-world" --in_data "Dan" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http://localhost:6090" ``` @@ -220,7 +220,7 @@ will be created next in [Phase 2](#phase2). examples/apps/generic_client/generic_client.py -o \ --uri "http://avalon-listener:1947" \ --workload_id "hello-world" --in_data "Dan" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http://avalon-avs:6090" ``` @@ -307,7 +307,7 @@ In this example we name the worker-specific function `ProcessHelloWorld()`. ```bash examples/apps/generic_client/generic_client.py -o \ --workload_id "hello-world" --in_data "Jane" "Dan" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http://localhost:6090" ``` If you are running Docker, run the utility from a Docker shell @@ -318,7 +318,7 @@ In this example we name the worker-specific function `ProcessHelloWorld()`. examples/apps/generic_client/generic_client.py -o \ --uri "http://avalon-listener:1947" \ --workload_id "hello-world" --in_data "Jane" "Dan" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http://avalon-avs:6090" ``` * The Hello World worker should return a string @@ -494,7 +494,7 @@ to ```bash examples/apps/generic_client/generic_client.py -o \ --workload_id "hello-world" --in_data "jack" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http:localhostt:6090" ``` If you are running Docker, run the utility from the Docker shell @@ -505,7 +505,7 @@ to examples/apps/generic_client/generic_client.py -o \ --uri "http://avalon-listener:1947" \ --workload_id "hello-world" --in_data "jack" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http://avalon-avs:6090" ``` * The Hello World worker should return the string @@ -551,7 +551,7 @@ to examples/apps/generic_client/generic_client.py -o \ --workload_id "hello-world" --in_data \ "jack:8342EFBE7C379231A4E03C80E5BA1AC9E8ACBC5338976CE6146431D8CBF2318D" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http://localhost:6090" ``` For Docker: ```bash @@ -560,7 +560,7 @@ to --uri "http://avalon-listener:1947" \ --workload_id "hello-world" --in_data \ "jack:8342EFBE7C379231A4E03C80E5BA1AC9E8ACBC5338976CE6146431D8CBF2318D" \ - --worker_id "kme-worker-1" + --worker_id "kme-worker-1" -avs "http://avalon-avs:6090" ``` * The Hello World worker should return the string `Hello , your result is ` diff --git a/examples/apps/generic_client/README.md b/examples/apps/generic_client/README.md index 1cff35f1f..b4c98cc46 100644 --- a/examples/apps/generic_client/README.md +++ b/examples/apps/generic_client/README.md @@ -93,7 +93,8 @@ worker requests on the command line. ### Echo workload using a URI ```bash ./generic_client.py -o --uri "http://localhost:1947" \ - --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" + --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" \ + -avs "http://localhost:6090" ``` NOTE: `worker_id` should match with worker id of singleton enclave manager. @@ -104,13 +105,14 @@ in the absence of command line argument, worker_id in Add or change the `--uri` parameter if using Docker: ```bash ./generic_client.py -o --uri "http://avalon-listener:1947" \ - --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" + --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" \ + -avs "http://avalon-avs:6090" ``` Or omit the URI if you use the default URI (standalone mode) : ```bash ./generic_client.py -o --workload_id "echo-result" --in_data "Hello" \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://localhost:6090" ``` ### Heart disease eval workload using a URI @@ -119,7 +121,7 @@ Standalone mode (no Docker): ./generic_client.py -o --uri "http://localhost:1947" \ --workload_id "heart-disease-eval" \ --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://localhost:6090" ``` With Docker: @@ -127,7 +129,7 @@ With Docker: ./generic_client.py -o --uri "http://avalon-listener:1947" \ --workload_id "heart-disease-eval" \ --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://avalon-attestation-service:6090" ``` ### Echo workload using registry listing smart contract address @@ -135,13 +137,13 @@ With Docker: ./generic_client.py -o \ --address "0x9Be28B132aeE1b2c5A1C50529a636cEd807842cd" --mode "listing" \ --workload_id "echo-result" --in_data "Hello" \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://localhost:6090" ``` ### Echo workload with input data as unencrypted plain text ```bash ./generic_client.py -o --uri "http://localhost:1947" \ --workload_id "echo-result" --in_data "Hello" -p \ - --worker_id "singleton-worker-1" + --worker_id "singleton-worker-1" -avs "http://localhost:6090" ``` diff --git a/examples/apps/generic_client/base_generic_client.py b/examples/apps/generic_client/base_generic_client.py index 7529cf6c5..4a8d9b91e 100644 --- a/examples/apps/generic_client/base_generic_client.py +++ b/examples/apps/generic_client/base_generic_client.py @@ -18,7 +18,7 @@ from avalon_sdk.work_order.work_order_params import WorkOrderParams import avalon_crypto_utils.worker_encryption as worker_encryption import avalon_crypto_utils.worker_signing as worker_signing -import verify_report.verify_attestation_report as attestation_util +import avalon_crypto_utils.verify_attestation_report as attestation_util from error_code.error_status import SignatureStatus logging.basicConfig( @@ -41,10 +41,14 @@ def __init__(self): self.encrypt = worker_encryption.WorkerEncrypt() self.signer = worker_signing.WorkerSign() - def do_worker_verification(self, worker_obj): + def do_worker_verification(self, worker_obj, uri): """ Do worker verification on proof data if it exists Proof data exists in SGX hardware mode. + @params worker_obj worker object with attestation report + @params uri end point of avalon attestation verification service + @returns True on verification success + False on verification failed """ encryption_key_signature = worker_obj.encryption_key_signature if encryption_key_signature is not None: @@ -76,7 +80,7 @@ def do_worker_verification(self, worker_obj): logging.info("Perform verification of attestation report") verify_report_status = attestation_util.verify_attestation_report( - enclave_info) + enclave_info, uri) if verify_report_status is False: logging.error("Verification of enclave sign-up info failed") return False diff --git a/examples/apps/generic_client/generic_client.py b/examples/apps/generic_client/generic_client.py index 06aa7b2ae..c770a48be 100755 --- a/examples/apps/generic_client/generic_client.py +++ b/examples/apps/generic_client/generic_client.py @@ -110,6 +110,9 @@ def __init__(self, args): # requester signature for work order requests self._requester_signature = options.requester_signature + # Avalon attestation verification service uri + self._avs_uri = options.attestation_verification_service + logging.info("******* Hyperledger Avalon Generic client *******") # mode should be one of listing or registry (default) @@ -182,6 +185,10 @@ def _parse_command_line(self, args): "-rs", "--requester_signature", help="Enable requester signature for work order requests", action="store_true") + parser.add_argument( + "-avs", "--attestation_verification_service", + help="Uri of avalon attestation verification service", + type=str) options = parser.parse_args(args) return options @@ -238,6 +245,9 @@ def uri(self): def mode(self): return self._mode + def avs(self): + return self._avs_uri + def Main(args=None): parser = GenericClient(args) @@ -280,7 +290,10 @@ def Main(args=None): session_iv = encrypt.generate_iv() # Do worker verification - generic_client_obj.do_worker_verification(worker_obj) + if generic_client_obj.do_worker_verification( + worker_obj, parser.avs()) is False: + logging.error("Worker verification failed\n") + sys.exit(-1) logging.info("**********Worker details Updated with Worker ID" + "*********\n%s\n", worker_id) diff --git a/examples/apps/heart_disease_eval/README.md b/examples/apps/heart_disease_eval/README.md index 0789fe415..dff309ef0 100644 --- a/examples/apps/heart_disease_eval/README.md +++ b/examples/apps/heart_disease_eval/README.md @@ -46,14 +46,14 @@ requests on the command line. 5. If you are running with Docker, then run this in Terminal 2: ``` bash ./generic_client.py --workload_id "heart-disease-eval" \ - --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" -o + --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" -o -avs "http://avalon-avs:6090" ``` If you are running standalone, then run this in Terminal 2: ``` bash ./generic_client.py --workload_id "heart-disease-eval" \ --uri "http://localhost:1947/" \ - --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" -o + --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" -o -avs "http://localhost:6090" ``` 6. The data will be submitted to the worker and the results will appear diff --git a/sdk/TestingContracts.md b/sdk/TestingContracts.md index 8d4fa0516..23944a2fe 100644 --- a/sdk/TestingContracts.md +++ b/sdk/TestingContracts.md @@ -85,5 +85,5 @@ ```bash cd $TCF_HOME/examples/apps/generic_client/ ./generic_client.py -o --uri "http://localhost:1947" \ - --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" + --workload_id "echo-result" --in_data "Hello" --worker_id "singleton-worker-1" -avs "http://localhost:6090" ``` diff --git a/tests/Demo.py b/tests/Demo.py index 2bd2bb90c..1fa62b56c 100644 --- a/tests/Demo.py +++ b/tests/Demo.py @@ -27,6 +27,7 @@ import avalon_crypto_utils.worker_signing as worker_signing import avalon_crypto_utils.worker_hash as worker_hash import avalon_crypto_utils.crypto_utility as crypto_utility +import avalon_crypto_utils.verify_attestation_report as attestation_util import avalon_sdk.worker.worker_details as worker import utility.file_utils as futils @@ -165,6 +166,24 @@ def local_main(config): # Worker details are loaded into Worker_Obj if "WorkerRetrieve" in input_json_str and "result" in response: worker_obj.load_worker(response["result"]["details"]) + if not worker_obj.proof_data: + LOGGER.info("Proof data is empty. " + + "Skipping verification of attestation report") + else: + # Construct enclave sign-up info json + enclave_info = { + 'verifying_key': worker_obj.verification_key, + 'encryption_key': worker_obj.encryption_key, + 'proof_data': worker_obj.proof_data, + 'enclave_persistent_id': '' + } + + if attestation_util.verify_attestation_report( + enclave_info, avs_uri): + LOGGER.info("Worker verification success") + else: + LOGGER.error("Worker verification failed") + exit(1) # ----------------------------------------------------------------- # Poll for "WorkOrderGetResult" and break when you get the result @@ -225,6 +244,7 @@ def parse_command_line(config, args): global encrypted_session_key global session_iv global requester_nonce + global avs_uri parser = argparse.ArgumentParser() parser.add_argument("--logfile", help="Name of the log file. " + @@ -239,6 +259,8 @@ def parse_command_line(config, args): default=[]) parser.add_argument("-c", "--connect_uri", help="URI to send requests to", type=str, default=[]) + parser.add_argument("-a", "--avs_uri", + help="URI to send requests to", type=str, default=[]) parser.add_argument( "output_file", help="JSON output file name", @@ -266,6 +288,13 @@ def parse_command_line(config, args): else: LOGGER.error("ERROR: Please enter the server URI") + if options.avs_uri: + avs_uri = options.avs_uri + else: + LOGGER.error("ERROR: Please enter the " + "attestation verification service URI") + exit(1) + if options.input_dir: LOGGER.info("Load Json Directory from %s", options.input_dir) input_json_dir = options.input_dir diff --git a/tests/test_ias_attestation.py b/tests/test_ias_attestation.py index a210c7f41..b6fd50685 100755 --- a/tests/test_ias_attestation.py +++ b/tests/test_ias_attestation.py @@ -29,7 +29,7 @@ import avalon_sdk.worker.worker_details as worker from avalon_sdk.work_order.work_order_params import WorkOrderParams from avalon_sdk.connector.direct.avalon_direct_client import AvalonDirectClient -import verify_report.verify_attestation_report as attestation_util +import avalon_crypto_utils.verify_attestation_report as attestation_util from error_code.error_status import WorkOrderStatus # Remove duplicate loggers diff --git a/tools/clean.sh b/tools/clean.sh index 6cad95b5f..27633ff81 100755 --- a/tools/clean.sh +++ b/tools/clean.sh @@ -78,7 +78,7 @@ cd $SRCDIR/common/crypto_utils make clean # --------------- VERIFY REPORT UTILS --------------- -cd $SRCDIR/common/verify_report_utils/ +cd $SRCDIR/common/verify_report_utils/ias make clean # --------------- SDK --------------- diff --git a/tools/rebuild.sh b/tools/rebuild.sh index cff2ac790..4fc3ed52e 100755 --- a/tools/rebuild.sh +++ b/tools/rebuild.sh @@ -214,7 +214,7 @@ try make "-j$NUM_CORES" try make install yell --------------- COMMON VERIFY REPORT UTILS PYTHON --------------- -cd $TCF_HOME/common/verify_report_utils/ || error_exit "Failed to change to the directory" +cd $TCF_HOME/common/verify_report_utils/ias || error_exit "Failed to change to the directory" try make "-j$NUM_CORES" try make install diff --git a/tools/run_proxy_model_tests.sh b/tools/run_proxy_model_tests.sh index 794b4f862..015935b96 100755 --- a/tools/run_proxy_model_tests.sh +++ b/tools/run_proxy_model_tests.sh @@ -43,14 +43,15 @@ yell "Start testing fabric generic client for echo result workload ............. yell "#------------------------------------------------------------------------------------------------" try $generic_client_path/generic_client.py --blockchain fabric \ --workload_id "echo-result" \ - --in_data "Hello Fabric proxy model" -o --worker_id $WORKER_ID + --in_data "Hello Fabric proxy model" -o --worker_id $WORKER_ID \ + -avs "http://avalon-avs:6090" yell "Start testing fabric generic client for heart disease eval workload ................" yell "#------------------------------------------------------------------------------------------------" try $generic_client_path/generic_client.py --blockchain fabric \ --workload_id "heart-disease-eval" \ --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" -o \ - --worker_id $WORKER_ID + --worker_id $WORKER_ID -avs "http://avalon-avs:6090" yell "#------------------------------------------------------------------------------------------------" yell "#------------------------------------------------------------------------------------------------" diff --git a/tools/run_tests.sh b/tools/run_tests.sh index 783f1642d..d49b2a7fe 100755 --- a/tools/run_tests.sh +++ b/tools/run_tests.sh @@ -27,28 +27,36 @@ generic_client_path="${TCF_HOME}/examples/apps/generic_client" # Read Listener port from config file listener_port=`grep listener_port ${TCF_HOME}/config/tcs_config.toml | awk {'print $3'}` LISTENER_URL="localhost" +ATTESTATION_VERIFICATION_SERVICE="localhost" # worker id should match with worker id of singleton enclave manager WORKER_ID="singleton-worker-1" -while getopts "l:lh" OPTCHAR ; do - case $OPTCHAR in - l ) - LISTENER_URL=$OPTARG +while getopts ":l:a:h" OPTCHAR ; do + echo "Processing $OPTCHAR : OPTIND is $OPTIND" + case "$OPTCHAR" in + l) + LISTENER_URL="$OPTARG" ;; - \?|h ) + a) + ATTESTATION_VERIFICATION_SERVICE="$OPTARG" + ;; + \?|h) BN=$(basename $0) echo "$BN: Run tests for Hyperledger Avalon" 1>&2 - echo "Usage: $BN [-l|-h|-?]" 1>&2 + echo "Usage: $BN [-l|-a|-h|-?]" 1>&2 echo "Where:" 1>&2 echo " -l specify the Listener service name" 1>&2 + echo " -a specify the attestation verification service name" 1>&2 echo " -? or -h print usage information" 1>&2 echo "Examples:" 1>&2 - echo " $BN -l avalon-listener" 1>&2 + echo " $BN -l avalon-listener -a avalon-avs" 1>&2 exit 2 ;; esac done -shift `expr $OPTIND - 1` +echo "Out of the getopts loop. OPTIND is now $OPTIND" +echo "LISTENER_URL $LISTENER_URL" +shift $OPTIND-1 yell() { echo "$0: $*" >&2; @@ -90,7 +98,8 @@ do try python3 ${TCF_HOME}/tests/Demo.py \ --logfile __screen__ --loglevel warn \ --input_dir ${TCF_HOME}/tests/$folder/ \ - --connect_uri "http://$LISTENER_URL:$listener_port" work_orders/output.json > /dev/null + --connect_uri "http://$LISTENER_URL:$listener_port" \ + --avs_uri "http://$ATTESTATION_VERIFICATION_SERVICE:6090" work_orders/output.json > /dev/null yell "#------------------------------------------------------------------------------------------------" yell "#------------------------------------------------------------------------------------------------" @@ -99,18 +108,20 @@ done yell "Start testing generic client for echo workload ................" yell "#------------------------------------------------------------------------------------------------" try $generic_client_path/generic_client.py --uri "http://$LISTENER_URL:1947" \ - --workload_id "echo-result" --in_data "Hello" --worker_id $WORKER_ID + --workload_id "echo-result" --in_data "Hello" --worker_id $WORKER_ID \ + -avs "http://$ATTESTATION_VERIFICATION_SERVICE:6090" yell "Start testing generic client for heart disease eval workload ................" yell "#------------------------------------------------------------------------------------------------" try $generic_client_path/generic_client.py --uri "http://$LISTENER_URL:1947" \ --workload_id "heart-disease-eval" \ - --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" --worker_id $WORKER_ID - + --in_data "Data: 25 10 1 67 102 125 1 95 5 10 1 11 36 1" --worker_id $WORKER_ID \ + -avs "http://$ATTESTATION_VERIFICATION_SERVICE:6090" yell "Start testing generic client with input data as plain text................" yell "#------------------------------------------------------------------------------------------------" try $generic_client_path/generic_client.py --uri "http://$LISTENER_URL:1947" \ - --workload_id "echo-result" --in_data "Hello" -p --worker_id $WORKER_ID + --workload_id "echo-result" --in_data "Hello" -p --worker_id $WORKER_ID \ + -avs "http://$ATTESTATION_VERIFICATION_SERVICE:6090" yell "#------------------------------------------------------------------------------------------------" yell "#------------------------------------------------------------------------------------------------"