Intel(R) SGX DCAP 1.12 Release

Upgraded Intel(R) Integrated Performance Primitives (IPP) Cryptography library to version 2021 update 3.
Upgraded Intel(R) SGX Architecture Enclaves based on new IPP crypto library.
Added support in Intel(R) QPL to retrieve SGX ECDSA quote verification endorsements from Intel(R) PCS.
Updated SGX QVL and QvE to support CRL in different encoding.
Updated SGX QVL and QvE to support CRL in different encoding.
Fixed bugs.

Signed-off-by: Zhang Lili <lili.z.zhang@intel.com>

Author: lzha101

Makefile

@@ -35,7 +35,7 @@ CUR_MKFILE:= $(lastword $(MAKEFILE_LIST))
 
 all: QuoteGeneration QuoteVerification PCKCertSelection PCKRetrievalTool
 
-QuoteGeneration:
+QuoteGeneration: QuoteVerification
 	$(MAKE) -C QuoteGeneration
 
 QuoteVerification:

QuoteGeneration/README.md

@@ -37,7 +37,7 @@ For Windows* OS
 **NOTE**:`sgx_dcap_dev.inf` is for Windows* Server 2016 LTSC and `sgx_dcap.inf` is for Windows* Server 2019 LTSC.
 
 ## How to install
-   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.11/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
+   Refer to the *"Installation Instructions"* section in the [Intel(R) Software Guard Extensions: Data Center Attestation Primitives Installation Guide For Windows* OS](https://download.01.org/intel-sgx/sgx-dcap/1.12/windows/docs/Intel_SGX_DCAP_Windows_SW_Installation_Guide.pdf) to install the right packages on your platform.
 
 
 For Linux* OS

QuoteGeneration/common/inc/internal/se_version.h

@@ -28,10 +28,14 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-#define STRFILEVER    "1.11.100.2"
-#define COPYRIGHT      "Copyright (C) 2021 Intel Corporation"
-#define FILEVER        1,11,100,2
-#define PRODUCTVER     1,11,100,2
-#define STRPRODUCTVER  "1.11.100.2"
+#define STRFILEVER    "1.12.100.3"
+#define COPYRIGHT      "Copyright (C) 2020 Intel Corporation"
+#define FILEVER        1,12,100,3
+#define PRODUCTVER     1,12,100,3
+#define STRPRODUCTVER  "1.12.100.3"
 #define COMPANYNAME    "Intel Corporation"
 #define PRODUCTNAME    "Intel® Software Guard Extensions"
+
+#define DEFAULT_QPL_VERSION          "1.11.101.1"
+#define QUOTE_VERIFIER_VERSION       "1.11.101.1"
+#define QUOTE_LOADER_VERSION         "1.11.101.1"

QuoteGeneration/download_prebuilt.bat

@@ -29,9 +29,9 @@
 
 @echo off
 
-set ae_file_name=prebuilt_windows_dcap_1.11.zip
-set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.11.cfg
-set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.11/windows/
+set ae_file_name=prebuilt_windows_dcap_1.12.zip
+set checksum_file=SHA256SUM_prebuilt_windows_dcap_1.12.cfg
+set server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12/windows/
 set server_ae_url=%server_url_path%/%ae_file_name%
 set server_checksum_url=%server_url_path%/%checksum_file%
 

QuoteGeneration/download_prebuilt.sh

@@ -32,9 +32,9 @@
 
 top_dir=`dirname $0`
 out_dir=$top_dir
-ae_file_name=prebuilt_dcap_1.11.tar.gz
-checksum_file=SHA256SUM_prebuilt_dcap_1.11.cfg
-server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.11/linux
+ae_file_name=prebuilt_dcap_1.12.tar.gz
+checksum_file=SHA256SUM_prebuilt_dcap_1.12.cfg
+server_url_path=https://download.01.org/intel-sgx/sgx-dcap/1.12/linux
 server_ae_url=$server_url_path/$ae_file_name
 server_checksum_url=$server_url_path/$checksum_file
 

QuoteGeneration/installer/linux/common/libsgx-dcap-default-qpl/createTarball.sh

@@ -55,7 +55,7 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/libsgx-dcap-default-qpl-package.tx
 python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false
 
 # Create the tarball
-SGX_VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+SGX_VERSION=$(awk '/DEFAULT_QPL_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
 pushd ${INSTALL_PATH} &> /dev/null
 sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
 tar -zcvf ${TARBALL_NAME} *

QuoteGeneration/installer/linux/common/libsgx-dcap-ql/createTarball.sh

@@ -58,7 +58,7 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/libsgx-dcap-ql-package.txt  --clea
 python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false
 
 # Create the tarball
-SGX_VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+SGX_VERSION=$(awk '/QUOTE_LOADER_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
 pushd ${INSTALL_PATH} &> /dev/null
 sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
 tar -zcvf ${TARBALL_NAME} *

QuoteGeneration/installer/linux/common/libsgx-dcap-quote-verify/createTarball.sh

@@ -59,7 +59,7 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/libsgx-dcap-qvl-package.txt  --cle
 python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false
 
 # Create the tarball
-SGX_VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
+SGX_VERSION=$(awk '/QUOTE_VERIFIER_VERSION/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/')
 pushd ${INSTALL_PATH} &> /dev/null
 sed -i "s/USR_LIB_VER=.*/USR_LIB_VER=${SGX_VERSION}/" Makefile
 tar -zcvf ${TARBALL_NAME} *

QuoteGeneration/installer/linux/common/sgx-dcap-pccs/BOMs/sgx-dcap-pccs.txt

@@ -11,6 +11,7 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/pccs/controllers/refreshController.js	<installdir>/controllers/refreshController.js	0	main	STP
 <deliverydir>/pccs/controllers/rootcacrlController.js	<installdir>/controllers/rootcacrlController.js	0	main	STP
 <deliverydir>/pccs/controllers/tcbinfoController.js	<installdir>/controllers/tcbinfoController.js	0	main	STP
+<deliverydir>/pccs/controllers/crlController.js	<installdir>/controllers/crlController.js	0	main	STP
 <deliverydir>/pccs/dao/models/fmspc_tcbs.js	<installdir>/dao/models/fmspc_tcbs.js	0	main	STP
 <deliverydir>/pccs/dao/models/index.js	<installdir>/dao/models/index.js	0	main	STP
 <deliverydir>/pccs/dao/models/pck_cert.js	<installdir>/dao/models/pck_cert.js	0	main	STP
@@ -21,8 +22,8 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/pccs/dao/models/platform_tcbs.js	<installdir>/dao/models/platform_tcbs.js	0	main	STP
 <deliverydir>/pccs/dao/models/platforms_registered.js	<installdir>/dao/models/platforms_registered.js	0	main	STP
 <deliverydir>/pccs/dao/models/platforms.js	<installdir>/dao/models/platforms.js	0	main	STP
-<deliverydir>/pccs/dao/models/qe_identities.js	<installdir>/dao/models/qe_identities.js	0	main	STP
-<deliverydir>/pccs/dao/models/qve_identities.js	<installdir>/dao/models/qve_identities.js	0	main	STP
+<deliverydir>/pccs/dao/models/enclave_identities.js	<installdir>/dao/models/enclave_identities.js	0	main	STP
+<deliverydir>/pccs/dao/models/crl_cache.js	<installdir>/dao/models/crl_cache.js	0	main	STP
 <deliverydir>/pccs/dao/fmspcTcbDao.js	<installdir>/dao/fmspcTcbDao.js	0	main	STP
 <deliverydir>/pccs/dao/pckCertchainDao.js	<installdir>/dao/pckCertchainDao.js	0	main	STP
 <deliverydir>/pccs/dao/pckcertDao.js	<installdir>/dao/pckcertDao.js	0	main	STP
@@ -32,15 +33,16 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/pccs/dao/platformsDao.js	<installdir>/dao/platformsDao.js	0	main	STP
 <deliverydir>/pccs/dao/platformsRegDao.js	<installdir>/dao/platformsRegDao.js	0	main	STP
 <deliverydir>/pccs/dao/platformTcbsDao.js	<installdir>/dao/platformTcbsDao.js	0	main	STP
-<deliverydir>/pccs/dao/qeidentityDao.js	<installdir>/dao/qeidentityDao.js	0	main	STP
-<deliverydir>/pccs/dao/qveidentityDao.js	<installdir>/dao/qveidentityDao.js	0	main	STP
+<deliverydir>/pccs/dao/enclaveIdentityDao.js	<installdir>/dao/enclaveIdentityDao.js	0	main	STP
+<deliverydir>/pccs/dao/crlCacheDao.js	<installdir>/dao/crlCacheDao.js	0	main	STP
 <deliverydir>/pccs/lib/libPCKCertSelection.so	<installdir>/lib/libPCKCertSelection.so	0	main	STP
 <deliverydir>/pccs/lib_wrapper/pcklib_wrapper.js	<installdir>/lib_wrapper/pcklib_wrapper.js	0	main	STP
 <deliverydir>/pccs/middleware/auth.js	<installdir>/middleware/auth.js	0	main	STP
 <deliverydir>/pccs/middleware/error.js	<installdir>/middleware/error.js	0	main	STP
 <deliverydir>/pccs/middleware/addRequestId.js	<installdir>/middleware/addRequestId.js	0	main	STP
 <deliverydir>/pccs/migrations/00_db_initialize.up.sql	<installdir>/migrations/00_db_initialize.up.sql	0	main	STP
 <deliverydir>/pccs/migrations/01_db_version_1.js	<installdir>/migrations/01_db_version_1.js	0	main	STP
+<deliverydir>/pccs/migrations/02_db_version_2.js	<installdir>/migrations/02_db_version_2.js	0	main	STP
 <deliverydir>/pccs/pcs_client/pcs_client.js	<installdir>/pcs_client/pcs_client.js	0	main	STP
 <deliverydir>/pccs/routes/index.js	<installdir>/routes/index.js	0	main	STP
 <deliverydir>/pccs/services/identityService.js	<installdir>/services/identityService.js	0	main	STP
@@ -54,6 +56,7 @@ DeliveryName	InstallName	FileCheckSum	FileFeature	FileOwner
 <deliverydir>/pccs/services/refreshService.js	<installdir>/services/refreshService.js	0	main	STP
 <deliverydir>/pccs/services/rootcacrlService.js	<installdir>/services/rootcacrlService.js	0	main	STP
 <deliverydir>/pccs/services/tcbinfoService.js	<installdir>/services/tcbinfoService.js	0	main	STP
+<deliverydir>/pccs/services/crlService.js	<installdir>/services/crlService.js	0	main	STP
 <deliverydir>/pccs/services/caching_modes/cachingMode.js	<installdir>/services/caching_modes/cachingMode.js	0	main	STP
 <deliverydir>/pccs/services/caching_modes/cachingModeManager.js	<installdir>/services/caching_modes/cachingModeManager.js	0	main	STP
 <deliverydir>/pccs/services/logic/commonCacheLogic.js	<installdir>/services/logic/commonCacheLogic.js	0	main	STP

QuoteGeneration/installer/linux/deb/libsgx-dcap-ql/libsgx-dcap-ql-1.0/debian/control

@@ -9,11 +9,11 @@ Homepage: https://github.com/intel/SGXDataCenterAttestationPrimitives
 Package: libsgx-dcap-ql
 Architecture: amd64
 Depends: libsgx-qe3-logic(>= @dep_version@), libsgx-pce-logic(>= @dep_version@), libsgx-ae-qve(>= @dep_version@), ${shlibs:Depends}, ${misc:Depends}
-Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.14)
+Recommends: libsgx-dcap-quote-verify(>= @dep_version@), libsgx-quote-ex(>= 2.15)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives
 
 Package: libsgx-dcap-ql-dev
 Section: devel
 Architecture: amd64
-Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.14)
+Depends: libsgx-dcap-ql (= @dep_version@), libsgx-headers (>= 2.15)
 Description: Intel(R) Software Guard Extensions Data Center Attestation Primitives For Developers