types: remove sgx feature

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

enclave-modules/ecall-handler/src/enclave_manage/attestation.rs

@@ -6,7 +6,6 @@ use ecall_commands::{CommandContext, IASRemoteAttestationInput, IASRemoteAttesta
 use enclave_remote_attestation::{
     attestation::create_attestation_report, report::validate_quote_status,
 };
-use lcp_types::Time;
 use sgx_types::{sgx_quote_sign_type_t, sgx_spid_t};
 
 pub(crate) fn ias_remote_attestation(
@@ -24,10 +23,10 @@ pub(crate) fn ias_remote_attestation(
             spid,
             &input.ias_key,
         )?;
-        verify_report(&report, Time::now())?;
+        verify_report(cctx.current_timestamp, &report)?;
         report
     };
-    validate_quote_status(&report.get_avr()?)?;
+    validate_quote_status(cctx.current_timestamp, &report.get_avr()?)?;
     Ok(IASRemoteAttestationResult { report })
 }
 
@@ -45,7 +44,7 @@ pub(crate) fn simulate_remote_attestation(
         input.advisory_ids,
         input.isv_enclave_quote_status,
     )?;
-    validate_quote_status(&avr)?;
+    validate_quote_status(cctx.current_timestamp, &avr)?;
     Ok(ecall_commands::SimulateRemoteAttestationResult { avr })
 }
 

enclave-modules/remote-attestation/Cargo.toml

@@ -22,7 +22,7 @@ rustls = { git = "https://github.com/mesalock-linux/rustls", branch = "mesalock_
 
 host-api = { path = "../host-api" }
 
-lcp-types = { path = "../../modules/types", default-features = false, features = ["sgx"] }
+lcp-types = { path = "../../modules/types", default-features = false }
 crypto = { path = "../../modules/crypto", default-features = false }
 attestation-report = { path = "../../modules/attestation-report", default-features = false }
 ocall-commands = { path = "../../modules/ocall-commands", default-features = false }

enclave-modules/remote-attestation/src/report.rs

@@ -8,19 +8,26 @@ use log::*;
 use ocall_commands::{GetReportAttestationStatusInput, GetReportAttestationStatusResult};
 use sgx_types::{sgx_platform_info_t, sgx_status_t};
 
-pub fn validate_quote_status(avr: &AttestationVerificationReport) -> Result<Quote, Error> {
+pub fn validate_quote_status(
+    current_timestamp: Time,
+    avr: &AttestationVerificationReport,
+) -> Result<Quote, Error> {
     // 1. Verify quote body
     let quote = avr.parse_quote().map_err(Error::attestation_report)?;
 
     // 2. Check quote's timestamp is within 24H
-    let now = Time::now();
     info!(
-        "Time: now={:?} quote_timestamp={:?}",
-        now, quote.attestation_time
+        "Time: current_timestamp={:?} quote_timestamp={:?}",
+        current_timestamp, quote.attestation_time
     );
 
-    if now >= (quote.attestation_time + Duration::from_secs(60 * 60 * 24)).map_err(Error::time)? {
-        return Err(Error::too_old_report_timestamp(now, quote.attestation_time));
+    if current_timestamp
+        >= (quote.attestation_time + Duration::from_secs(60 * 60 * 24)).map_err(Error::time)?
+    {
+        return Err(Error::too_old_report_timestamp(
+            current_timestamp,
+            quote.attestation_time,
+        ));
     }
 
     // 3. Verify quote status (mandatory field)

modules/attestation-report/src/verification.rs

@@ -26,10 +26,12 @@ static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[
 ];
 
 pub fn verify_report(
+    current_timestamp: Time,
     report: &EndorsedAttestationVerificationReport,
-    current_time: Time,
 ) -> Result<(), Error> {
-    let current_unix_timestamp = current_time.duration_since(TmTime::unix_epoch()).unwrap();
+    let current_unix_timestamp = current_timestamp
+        .duration_since(TmTime::unix_epoch())
+        .unwrap();
     // NOTE: Currently, webpki::Time's constructor only accepts seconds as unix timestamp.
     // Therefore, the current time are rounded up conservatively.
     let secs = if current_unix_timestamp.subsec_nanos() > 0 {

modules/ecall-commands/src/commands.rs

@@ -3,6 +3,7 @@ use crate::{
     LightClientResult,
 };
 use crypto::SealedEnclaveKey;
+use lcp_types::Time;
 use serde::{Deserialize, Serialize};
 use store::TxId;
 
@@ -20,13 +21,18 @@ impl ECallCommand {
 
 #[derive(Serialize, Deserialize, Debug)]
 pub struct CommandContext {
+    pub current_timestamp: Time,
     pub sealed_ek: Option<SealedEnclaveKey>,
     pub tx_id: TxId,
 }
 
 impl CommandContext {
-    pub fn new(sealed_ek: Option<SealedEnclaveKey>, tx_id: TxId) -> Self {
-        Self { sealed_ek, tx_id }
+    pub fn new(current_timestamp: Time, sealed_ek: Option<SealedEnclaveKey>, tx_id: TxId) -> Self {
+        Self {
+            current_timestamp,
+            sealed_ek,
+            tx_id,
+        }
     }
 }
 

modules/enclave-api/Cargo.toml

@@ -12,6 +12,7 @@ flex-error = { version = "0.4.4" }
 rsa = { version = "0.9.2", features = ["pem"], optional = true }
 sha2 = { version = "0.10.6", default-features = false, features = ["oid"], optional = true }
 
+lcp-types = { path = "../types" }
 commitments = { path = "../commitments" }
 ecall-commands = { path = "../ecall-commands", features = ["std"] }
 keymanager = { path = "../keymanager" }

modules/enclave-api/src/api/primitive.rs

@@ -3,6 +3,7 @@ use crate::{
     ffi, Error, Result,
 };
 use ecall_commands::{Command, CommandContext, CommandResult, ECallCommand, EnclaveKeySelector};
+use lcp_types::Time;
 use log::*;
 use sgx_types::{sgx_enclave_id_t, sgx_status_t};
 use store::transaction::{CommitStore, Tx};
@@ -14,14 +15,15 @@ pub trait EnclavePrimitiveAPI<S: CommitStore>: EnclaveInfo + HostStoreTxManager<
             "prepare command: inner={:?} update_key={:?}",
             cmd, update_key
         );
+        let current_timestamp = Time::now();
         let tx = self.begin_tx(update_key)?;
 
         let cctx = match cmd.get_enclave_key() {
             Some(addr) => {
                 let ski = self.get_key_manager().load(addr)?;
-                CommandContext::new(Some(ski.sealed_ek), tx.get_id())
+                CommandContext::new(current_timestamp, Some(ski.sealed_ek), tx.get_id())
             }
-            None => CommandContext::new(None, tx.get_id()),
+            None => CommandContext::new(current_timestamp, None, tx.get_id()),
         };
 
         let ecmd = ECallCommand::new(cctx, cmd);

modules/types/Cargo.toml

@@ -5,7 +5,6 @@ edition = "2021"
 
 [dependencies]
 sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" }
-sgx_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", features = ["untrusted_time"], optional = true }
 prost = { version = "0.11", default-features = false }
 ibc = { version = "0.29.0", default-features = false, features = ["serde"], optional = true }
 lcp-proto = { path = "../../proto", default-features = false }
@@ -24,9 +23,6 @@ default = ["std"]
 std = [
     "flex-error/std"
 ]
-sgx = [
-    "sgx_tstd",
-]
 ibc = [
     "dep:ibc"
 ]

modules/types/src/time.rs

@@ -23,13 +23,6 @@ impl Time {
         Time(TmTime::from_unix_timestamp(now.as_secs() as i64, now.subsec_nanos()).unwrap())
     }
 
-    #[cfg(all(feature = "sgx", not(feature = "std")))]
-    pub fn now() -> Self {
-        use sgx_tstd::time::{SystemTime, UNIX_EPOCH};
-        let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap();
-        Time(TmTime::from_unix_timestamp(now.as_secs() as i64, now.subsec_nanos()).unwrap())
-    }
-
     pub fn unix_epoch() -> Self {
         Time(TmTime::unix_epoch())
     }