PPID decryption tool #653

Open
wants to merge 11 commits into
base: master

Contributor

@nshyrei nshyrei commented Nov 7, 2024

This PR adds a tool to decrypt PPID (Platform Provisioning ID) from a PCE (Provisioning Certification) enclave. The idea is based on the existing tool from Intel - PCKRetrievalTool which retrieves platform-related info from PCE, but for PPID the tool encrypts the resulting data. To solve this we create 2 functions that create an RSA key-pair from constant parameters that we control and decrypt the resulting PPID.

Project modules:

  1. ID enclave. Contains functionality to create a pair of RSA keys for PCE enclave and PPID decryption function which is also a part of ID enclave. The functionality of this module is placed inside an enclave so that no adversary can pull RSA parameters or private key we use to decrypt the PPID;
  2. PCE enclave. Contains functionality to return PPID in encrypted form. Compiled C code for this enclave comes directly from Intel in the form of a prebuilt so file. To connect it to our code we have to provide an enclave definition file (.edl) and produce a C wrapper using sgx_edger8r tool;
  3. Main.c file in the root of the project. Entry point of the program, it connects 2 enclaves above together and prints the decrypted PPID to the console.

Additional info:

  1. More info about PPID, PCE and the whole process it fits into which is called DCAP can be found in the following link:
    https://docs.enclaive.cloud/confidential-cloud/technology-in-depth/intel-sgx/technology/concepts/dcap-attestation-framework
  2. PCKRetrievalTool link: https://github.com/intel/SGXDataCenterAttestationPrimitives/tree/main/tools/PCKRetrievalTool

@nshyrei nshyrei self-assigned this Nov 7, 2024
Member

@jethrogb jethrogb Nov 7, 2024

intel-sgx/ppid-decryption-tool

The tool's purpose is not to decrypt the PPID. That the PCE encrypts the PPID prior to export is an internal detail.

Contributor Author

Should it be "ppid-export-tool" then?

Contributor

@raoulstrackx raoulstrackx left a comment

I'll continue reviewing when these comments have been addressed

intel-sgx/ppid-decryption-tool/Enclave/Makefile Outdated
intel-sgx/ppid-decryption-tool/Enclave/Makefile Outdated
intel-sgx/ppid-decryption-tool/Enclave/id_enclave.c Outdated
goto CLEANUP;
}

sgx_status = ide_get_pce_encrypt_key(id_enclave_eid,
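
Review bot: on the ide_get_pce_encrypt_key call at the end of this fragment, sgx_status only receives the status of the enclave transition from the sgx_edger8r-generated wrapper; if the ECALL is declared with a non-void return in the EDL, the function's own result comes back through a separate return-value argument. The call is cut off after id_enclave_eid, so the remaining arguments are not visible here; make sure both values are checked and that every failure takes the same goto CLEANUP path as the branch above.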
Contributor

This is hard to follow. Can you ensure the ppid enclave has one entrypoint: get_plaintext_ppid that's called here. Whenever there's more info needed from the pce enclave, the ppid enclave can issue ocalls (i.e., calls to userspace, that in turn calls into the pce enclave). These ocalls of the ppid enclave need to be specified in the untrusted section in the edl file. See here as an example. After that a lot of the defines and variables can be removed from this main file.

Contributor Author

@nshyrei nshyrei Nov 7, 2024

I remember you were telling me that you can't call one enclave inside the other.
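
A sketch of the EDL layout described in the review comment above, added here as an illustration and not taken from the PR or from Intel's code. Every name except get_plaintext_ppid is hypothetical, and the two OCALLs assume the untrusted host needs the PCE's target info, then a report plus public key, to fetch the encrypted PPID.

```edl
/* Hypothetical ppid_enclave.edl: one ECALL in, OCALLs out to untrusted code. */
enclave {
    include "sgx_report.h"   /* sgx_target_info_t, sgx_report_t */

    trusted {
        /* Single entrypoint. The RSA key pair is created and used inside
         * the enclave; only the decrypted PPID is copied out to the caller. */
        public uint32_t get_plaintext_ppid(
            [out, size=ppid_size] uint8_t *ppid,
            uint32_t ppid_size);
    };

    untrusted {
        /* Implemented in the untrusted application, which asks the PCE
         * enclave for its target info. The ppid enclave never calls the
         * PCE directly; it only calls out to userspace. */
        uint32_t ocall_get_pce_target_info(
            [out] sgx_target_info_t *pce_target_info);

        /* Implemented in the untrusted application, which forwards the
         * report and public key to the PCE enclave and hands back the
         * encrypted PPID. Everything returned here crosses the untrusted
         * boundary, so the enclave must check encrypted_ppid_size against
         * encrypted_ppid_capacity before decrypting. */
        uint32_t ocall_get_encrypted_ppid(
            [in] const sgx_report_t *ppid_enclave_report,
            [in, size=public_key_size] const uint8_t *public_key,
            uint32_t public_key_size,
            [out, size=encrypted_ppid_capacity] uint8_t *encrypted_ppid,
            uint32_t encrypted_ppid_capacity,
            [out] uint32_t *encrypted_ppid_size);
    };
};
```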

@aditijannu

Can you add a README file in your PR which includes some of the details mentioned in the PR description? It would be helpful for anyone who is new to this and provides a simple introduction to this tool.

- alphabetize
- added function comments