This is an automated email from the ASF dual-hosted git repository.

dingyu pushed a commit to branch dcap-retrieve
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git

commit 05948e558aceecd240ffa78ccede8050d393a4ea
Author: Yu Ding <[email protected]>
AuthorDate: Fri Jun 19 00:02:07 2020 -0700

    first dcap tool commit
    
    add dcap pck retrieval sample
---
 samplecode/dcap-pckretrieval/Makefile              | 159 +++++++++++++
 samplecode/dcap-pckretrieval/app/Cargo.toml        |  16 ++
 samplecode/dcap-pckretrieval/app/build.rs          |  41 ++++
 samplecode/dcap-pckretrieval/app/src/main.rs       | 250 +++++++++++++++++++++
 samplecode/dcap-pckretrieval/bin/.gitkeep          |   0
 samplecode/dcap-pckretrieval/enclave/Cargo.toml    |  42 ++++
 .../dcap-pckretrieval/enclave/Enclave.config.xml   |  10 +
 samplecode/dcap-pckretrieval/enclave/Enclave.edl   |  30 +++
 samplecode/dcap-pckretrieval/enclave/Enclave.lds   |   9 +
 .../dcap-pckretrieval/enclave/Enclave_private.pem  |  39 ++++
 samplecode/dcap-pckretrieval/enclave/Makefile      |  38 ++++
 samplecode/dcap-pckretrieval/enclave/Xargo.toml    |  95 ++++++++
 samplecode/dcap-pckretrieval/enclave/src/lib.rs    |  48 ++++
 .../enclave/x86_64-unknown-linux-sgx.json          |  31 +++
 samplecode/dcap-pckretrieval/lib/readme.txt        |   1 +
 15 files changed, 809 insertions(+)

diff --git a/samplecode/dcap-pckretrieval/Makefile 
b/samplecode/dcap-pckretrieval/Makefile
new file mode 100644
index 0000000..bb3f6dd
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/Makefile
@@ -0,0 +1,159 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+######## SGX SDK Settings ########
+
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= HW
+SGX_ARCH ?= x64
+
+TOP_DIR := ../..
+include $(TOP_DIR)/buildenv.mk
+
+ifeq ($(shell getconf LONG_BIT), 32)
+       SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+       SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+       SGX_COMMON_CFLAGS := -m32
+       SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+       SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+       SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
+else
+       SGX_COMMON_CFLAGS := -m64
+       SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+       SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+       SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+ifeq ($(SGX_PRERELEASE), 1)
+$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
+endif
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+       SGX_COMMON_CFLAGS += -O0 -g
+else
+       SGX_COMMON_CFLAGS += -O2
+endif
+
+SGX_COMMON_CFLAGS += -fstack-protector
+
+######## CUSTOM Settings ########
+
+CUSTOM_LIBRARY_PATH := ./lib
+CUSTOM_BIN_PATH := ./bin
+CUSTOM_EDL_PATH := ../../edl
+CUSTOM_COMMON_PATH := ../../common
+
+######## EDL Settings ########
+
+Enclave_EDL_Files := enclave/Enclave_t.c enclave/Enclave_t.h app/Enclave_u.c 
app/Enclave_u.h
+
+######## APP Settings ########
+
+App_Rust_Flags := --release
+App_SRC_Files := $(shell find app/ -type f -name '*.rs') $(shell find app/ 
-type f -name 'Cargo.toml')
+App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include 
-I$(CUSTOM_EDL_PATH)
+App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
+
+App_Rust_Path := ./app/target/release
+App_Enclave_u_Object :=app/libEnclave_u.a
+App_Name := bin/PCKIDRetrievalTool
+
+######## Enclave Settings ########
+
+ifneq ($(SGX_MODE), HW)
+       Trts_Library_Name := sgx_trts_sim
+       Service_Library_Name := sgx_tservice_sim
+else
+       Trts_Library_Name := sgx_trts
+       Service_Library_Name := sgx_tservice
+endif
+Crypto_Library_Name := sgx_tcrypto
+KeyExchange_Library_Name := sgx_tkey_exchange
+ProtectedFs_Library_Name := sgx_tprotected_fs
+
+RustEnclave_C_Files := $(wildcard ./enclave/*.c)
+RustEnclave_C_Objects := $(RustEnclave_C_Files:.c=.o)
+RustEnclave_Include_Paths := -I$(CUSTOM_COMMON_PATH)/inc -I$(CUSTOM_EDL_PATH) 
-I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport 
-I$(SGX_SDK)/include/epid -I ./enclave -I./include
+
+RustEnclave_Link_Libs := -L$(CUSTOM_LIBRARY_PATH) -lenclave
+RustEnclave_Compile_Flags := $(SGX_COMMON_CFLAGS) $(ENCLAVE_CFLAGS) 
$(RustEnclave_Include_Paths)
+RustEnclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs 
-nostartfiles -L$(SGX_LIBRARY_PATH) \
+       -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+       -Wl,--start-group -lsgx_tstdc -l$(Service_Library_Name) 
-l$(Crypto_Library_Name) $(RustEnclave_Link_Libs) -Wl,--end-group \
+       -Wl,--version-script=enclave/Enclave.lds \
+       $(ENCLAVE_LDFLAGS)
+
+RustEnclave_Name := enclave/enclave.so
+Signed_RustEnclave_Name := bin/enclave.signed.so
+
+.PHONY: all
+all: $(App_Name) $(Signed_RustEnclave_Name)
+
+######## EDL Objects ########
+
+$(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl
+       $(SGX_EDGER8R) --trusted enclave/Enclave.edl --search-path 
$(SGX_SDK)/include --search-path ../../edl --trusted-dir enclave
+       $(SGX_EDGER8R) --untrusted enclave/Enclave.edl --search-path 
$(SGX_SDK)/include --search-path ../../edl --untrusted-dir app
+       @echo "GEN  =>  $(Enclave_EDL_Files)"
+
+######## App Objects ########
+
+app/Enclave_u.o: $(Enclave_EDL_Files)
+       @$(CC) $(App_C_Flags) -c app/Enclave_u.c -o $@
+       @echo "CC   <=  $<"
+
+$(App_Enclave_u_Object): app/Enclave_u.o
+       $(AR) rcsD $@ $^
+       cp $(App_Enclave_u_Object) ./lib
+
+$(App_Name): $(App_Enclave_u_Object) $(App_SRC_Files)
+       @cd app && SGX_SDK=$(SGX_SDK) cargo build $(App_Rust_Flags)
+       @echo "Cargo  =>  $@"
+       mkdir -p bin
+       cp $(App_Rust_Path)/PCKIDRetrievalTool ./bin
+
+######## Enclave Objects ########
+
+enclave/Enclave_t.o: $(Enclave_EDL_Files)
+       @$(CC) $(RustEnclave_Compile_Flags) -c enclave/Enclave_t.c -o $@
+       @echo "CC   <=  $<"
+
+$(RustEnclave_Name): enclave enclave/Enclave_t.o
+       @$(CXX) enclave/Enclave_t.o -o $@ $(RustEnclave_Link_Flags)
+       @echo "LINK =>  $@"
+
+$(Signed_RustEnclave_Name): $(RustEnclave_Name)
+       mkdir -p bin
+       @$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave 
$(RustEnclave_Name) -out $@ -config enclave/Enclave.config.xml
+       @echo "SIGN =>  $@"
+
+.PHONY: enclave
+enclave:
+       $(MAKE) -C ./enclave/
+
+
+.PHONY: clean
+clean:
+       @rm -f $(App_Name) $(RustEnclave_Name) $(Signed_RustEnclave_Name) 
enclave/*_t.* app/*_u.* lib/*.a
+       @cd enclave && cargo clean && rm -f Cargo.lock
+       @cd app && cargo clean && rm -f Cargo.lock
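Review bot: The signing rule for `$(Signed_RustEnclave_Name)` hard-codes `-key enclave/Enclave_private.pem`, and that private key is added to the repository by this same commit (the `enclave/Enclave_private.pem` hunk), so every enclave built from this sample carries the MRSIGNER of a publicly known key. `enclave/Enclave.config.xml` sets `<DisableDebug>1</DisableDebug>`, so the output is a non-debug enclave whose signer identity anyone can reproduce; no verifier should treat that MRSIGNER as a trust anchor. I would make the key overridable and label the default: a comment line `# sample key, public in the repository: never sign a deployed enclave with it` above `Enclave_Signing_Key ?= enclave/Enclave_private.pem`, and `-key $(Enclave_Signing_Key)` in the recipe. Keep the comment on its own line, since a trailing comment on the assignment would leave trailing spaces in the value.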
diff --git a/samplecode/dcap-pckretrieval/app/Cargo.toml 
b/samplecode/dcap-pckretrieval/app/Cargo.toml
new file mode 100644
index 0000000..933b96f
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/app/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "PCKIDRetrievalTool"
+version = "1.0.0"
+authors = ["The Teaclave Authors"]
+build = "build.rs"
+
+[dependencies]
+sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git"; }
+sgx_urts = { git = "https://github.com/apache/teaclave-sgx-sdk.git"; }
+itertools = "*"
+libloading = "*"
+
+[patch.'https://github.com/apache/teaclave-sgx-sdk.git']
+sgx_types = { path = "../../../sgx_types" }
+sgx_urts = { path = "../../../sgx_urts" }
+
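Review bot: `itertools = "*"` and `libloading = "*"` accept any published version of those crates, and the `clean` target in the top-level Makefile deletes `Cargo.lock`, so each clean build can resolve to different code for a tool that loads native libraries and drives an enclave. I would give both a bounded requirement, e.g. `itertools = "<pinned-version>"` and `libloading = "<pinned-version>"` (placeholders: use the versions the sample was tested with), and keep the lock file for the binary crate. The `git` dependencies carry no `rev`, but the `[patch]` section redirects them to in-tree paths, so that part is fine as long as the patch stays.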
diff --git a/samplecode/dcap-pckretrieval/app/build.rs 
b/samplecode/dcap-pckretrieval/app/build.rs
new file mode 100644
index 0000000..ad6509b
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/app/build.rs
@@ -0,0 +1,41 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License..
+
+use std::env;
+
+fn main() {
+    let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| 
"/opt/intel/sgxsdk".to_string());
+    let is_sim = env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string());
+
+    println!("cargo:rustc-link-search=native=../lib");
+    println!("cargo:rustc-link-lib=static=Enclave_u");
+
+    println!("cargo:rustc-link-search=native={}/lib64", sdk_dir);
+
+    // if the linker failed to find libsgx_dcap_ql.so, please make sure that
+    // (1) libsgx-dcap-ql is installed
+    // (2) libsgx_dcap_ql.so exists. typicall at /usr/lib/x86_64-linux-gnu
+    // if libsgx_dcap_ql.so.1 is there, but no libsgx-dcap_ql,
+    // just create a symlink by
+    // ln -s libsgx_dcap_ql.so.1 libsgx_dcap_ql.so
+    println!("cargo:rustc-link-lib=dylib=sgx_dcap_ql");
+    match is_sim.as_ref() {
+        "SW" => println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"),
+        "HW" => println!("cargo:rustc-link-lib=dylib=sgx_urts"),
+        _ => println!("cargo:rustc-link-lib=dylib=sgx_urts"), // Treat 
undefined as HW
+    }
+}
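Review bot: The build script reads `SGX_SDK` and `SGX_MODE` but emits no `cargo:rerun-if-env-changed` lines, so switching between `SW` and `HW` without touching a source file can leave the binary linked against the urts library of the previous mode. Add `println!("cargo:rerun-if-env-changed=SGX_MODE");` and `println!("cargo:rerun-if-env-changed=SGX_SDK");` at the top of `main`. The `_` arm also silently maps any unrecognised value to the hardware runtime; printing a `cargo:warning=` line there would make a typo in `SGX_MODE` visible. The search path is always `{}/lib64`, whereas the Makefile selects `lib` when `SGX_ARCH` is `x86`.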
diff --git a/samplecode/dcap-pckretrieval/app/src/main.rs 
b/samplecode/dcap-pckretrieval/app/src/main.rs
new file mode 100644
index 0000000..8bff4e5
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/app/src/main.rs
@@ -0,0 +1,250 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License..
+
+#![allow(non_snake_case)]
+
+extern crate itertools;
+extern crate libloading;
+extern crate sgx_types;
+extern crate sgx_urts;
+use itertools::*;
+use sgx_types::*;
+use sgx_urts::SgxEnclave;
+
+static ENCLAVE_FILE: &'static str = "enclave.signed.so";
+
+extern "C" {
+    fn enclave_create_report(
+        eid: sgx_enclave_id_t,
+        retval: *mut i32,
+        p_qe3_target: &sgx_target_info_t,
+        p_report: *mut sgx_report_t,
+    ) -> sgx_status_t;
+}
+
+fn init_enclave() -> SgxResult<SgxEnclave> {
+    let mut launch_token: sgx_launch_token_t = [0; 1024];
+    let mut launch_token_updated: i32 = 0;
+    // call sgx_create_enclave to initialize an enclave instance
+    // Debug Support: set 2nd parameter to 1
+    let debug = 0;
+    let mut misc_attr = sgx_misc_attribute_t {
+        secs_attr: sgx_attributes_t { flags: 0, xfrm: 0 },
+        misc_select: 0,
+    };
+    SgxEnclave::create(
+        ENCLAVE_FILE,
+        debug,
+        &mut launch_token,
+        &mut launch_token_updated,
+        &mut misc_attr,
+    )
+}
+
+fn main() {
+    // quote holds the generated quote
+    let quote: Vec<u8> = generate_quote().unwrap();
+
+    // this quote has type `sgx_quote3_t` and is structured as:
+    // sgx_quote3_t {
+    //     header: sgx_quote_header_t,
+    //     report_body: sgx_report_body_t,
+    //     signature_data_len: uint32_t,  // 1116
+    //     signature_data {               // 1116 bytes payload
+    //         sig_data: sgx_ql_ecdsa_sig_data_t { // 576 = 64x3 +384 header
+    //             sig: [uint8_t; 64],
+    //             attest_pub_key: [uint8_t; 64],
+    //             qe3_report: sgx_report_body_t, //  384
+    //             qe3_report_sig: [uint8_t; 64],
+    //             auth_certification_data { // 2 + 32 = 34
+    //                 sgx_ql_auth_data_t: u16 // observed 32, size of 
following auth_data
+    //                 auth_data: [u8; sgx_ql_auth_data_t]
+    //             }
+    //             sgx_ql_certification_data_t {/ 2 + 4 + 500
+    //                 cert_key_type: uint16_t,
+    //                 size: uint32_t, // observed 500, size of following 
certificateion_data
+    //                 certification_data { // 500 bytes
+    //                 }
+    //             }
+    //         }
+    //     }
+    //  }
+    let p_quote3: *const sgx_quote3_t = quote.as_ptr() as *const sgx_quote3_t;
+
+    // copy heading bytes to a sgx_quote3_t type to simplify access
+    let quote3: sgx_quote3_t = unsafe { *p_quote3 };
+
+    let quote_signature_data_vec: Vec<u8> = 
quote[std::mem::size_of::<sgx_quote3_t>()..].into();
+
+    //println!("quote3 header says signature data len = {}", 
quote3.signature_data_len);
+    //println!("quote_signature_data len = {}", 
quote_signature_data_vec.len());
+
+    assert_eq!(
+        quote3.signature_data_len as usize,
+        quote_signature_data_vec.len()
+    );
+
+    // signature_data has a header of sgx_ql_ecdsa_sig_data_t structure
+    //let p_sig_data: * const sgx_ql_ecdsa_sig_data_t = 
quote_signature_data_vec.as_ptr() as _;
+    // mem copy
+    //let sig_data = unsafe { * p_sig_data };
+
+    // sgx_ql_ecdsa_sig_data_t is followed by sgx_ql_auth_data_t
+    // create a new vec for auth_data
+    let auth_certification_data_offset = 
std::mem::size_of::<sgx_ql_ecdsa_sig_data_t>();
+    let p_auth_data: *const sgx_ql_auth_data_t =
+        (quote_signature_data_vec[auth_certification_data_offset..]).as_ptr() 
as _;
+    let auth_data_header: sgx_ql_auth_data_t = unsafe { *p_auth_data };
+    //println!("auth_data len = {}", auth_data_header.size);
+
+    let auth_data_offset =
+        auth_certification_data_offset + 
std::mem::size_of::<sgx_ql_auth_data_t>();
+
+    // It should be [0,1,2,3...]
+    // defined at 
https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/4605fae1c606de4ff1191719433f77f050f1c33c/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp#L1452
+    //let auth_data_vec: Vec<u8> = 
quote_signature_data_vec[auth_data_offset..auth_data_offset + 
auth_data_header.size as usize].into();
+    //println!("Auth data:\n{:?}", auth_data_vec);
+
+    let temp_cert_data_offset = auth_data_offset + auth_data_header.size as 
usize;
+    let p_temp_cert_data: *const sgx_ql_certification_data_t =
+        quote_signature_data_vec[temp_cert_data_offset..].as_ptr() as _;
+    let temp_cert_data: sgx_ql_certification_data_t = unsafe { 
*p_temp_cert_data };
+
+    //println!("certification data offset = {}", temp_cert_data_offset);
+    //println!("certification data size = {}", temp_cert_data.size);
+
+    let cert_info_offset =
+        temp_cert_data_offset + 
std::mem::size_of::<sgx_ql_certification_data_t>();
+
+    //println!("cert info offset = {}", cert_info_offset);
+    // this should be the last structure
+    assert_eq!(
+        quote_signature_data_vec.len(),
+        cert_info_offset + temp_cert_data.size as usize
+    );
+
+    let tail_content = quote_signature_data_vec[cert_info_offset..].to_vec();
+    let enc_ppid_len = 384;
+    let enc_ppid: &[u8] = &tail_content[0..enc_ppid_len];
+    let pce_id: &[u8] = &tail_content[enc_ppid_len..enc_ppid_len + 2];
+    let cpu_svn: &[u8] = &tail_content[enc_ppid_len + 2..enc_ppid_len + 2 + 
16];
+    let pce_isvsvn: &[u8] = &tail_content[enc_ppid_len + 2 + 16..enc_ppid_len 
+ 2 + 18];
+    println!("EncPPID:\n{:02x}", enc_ppid.iter().format(""));
+    println!("PCE_ID:\n{:02x}", pce_id.iter().format(""));
+    println!("TCBr - CPUSVN:\n{:02x}", cpu_svn.iter().format(""));
+    println!("TCBr - PCE_ISVSVN:\n{:02x}", pce_isvsvn.iter().format(""));
+    println!("QE_ID:\n{:02x}", quote3.header.user_data.iter().format(""));
+}
+
+// Re-invent App/utility.cpp
+// int generate_quote(uint8_t **quote_buffer, uint32_t& quote_size)
+fn generate_quote() -> Option<Vec<u8>> {
+    let mut ti: sgx_target_info_t = sgx_target_info_t::default();
+
+    let _l = libloading::Library::new("./libdcap_quoteprov.so.1").unwrap();
+    println!("Step1: Call sgx_qe_get_target_info:");
+    //println!("sgx_qe_get_target_info = {:p}", sgx_qe_get_target_info as * 
const _);
+
+    let qe3_ret = unsafe { sgx_qe_get_target_info(&mut ti as *mut _) };
+
+    if qe3_ret != sgx_quote3_error_t::SGX_QL_SUCCESS {
+        println!("Error in sgx_qe_get_target_info. {:?}\n", qe3_ret);
+        return None;
+    }
+
+    //println!("target_info.mr_enclave = {:?}", ti.mr_enclave.m);
+    //println!("target_info.config_id = {:02x}", ti.config_id.iter().format(" 
"));
+
+    let quote_size = std::mem::size_of::<sgx_target_info_t>();
+    let mut v: Vec<u8> = vec![0; quote_size];
+    unsafe {
+        std::ptr::copy_nonoverlapping(
+            &ti as *const sgx_target_info_t as *const u8,
+            v.as_mut_ptr() as *mut u8,
+            quote_size,
+        );
+    }
+
+    //println!("quote = {:?}", v);
+
+    println!("succeed!\nStep2: Call create_app_report:");
+    let app_report: sgx_report_t = if let Some(r) = 
create_app_enclave_report(&ti) {
+        println!("succeed! \nStep3: Call sgx_qe_get_quote_size:");
+        r
+    } else {
+        println!("\nCall to create_app_report() failed\n");
+        return None;
+    };
+
+    //println!("app_report.body.cpu_svn = {:02x}", 
app_report.body.cpu_svn.svn.iter().format(""));
+    //println!("app_report.body.misc_select = {:08x}", 
app_report.body.misc_select);
+    //println!("app_report.key_id = {:02x}", 
app_report.key_id.id.iter().format(""));
+    //println!("app_report.mac = {:02x}", app_report.mac.iter().format(""));
+
+    let mut quote_size: u32 = 0;
+    let qe3_ret = unsafe { sgx_qe_get_quote_size(&mut quote_size as _) };
+
+    if qe3_ret != sgx_quote3_error_t::SGX_QL_SUCCESS {
+        println!("Error in sgx_qe_get_quote_size . {:?}\n", qe3_ret);
+        return None;
+    }
+
+    println!("succeed!");
+
+    let mut quote_vec: Vec<u8> = vec![0; quote_size as usize];
+
+    println!("\nStep4: Call sgx_qe_get_quote:");
+
+    let qe3_ret =
+        unsafe { sgx_qe_get_quote(&app_report as _, quote_size, 
quote_vec.as_mut_ptr() as _) };
+
+    if qe3_ret != sgx_quote3_error_t::SGX_QL_SUCCESS {
+        println!("Error in sgx_qe_get_quote. {:?}\n", qe3_ret);
+        return None;
+    }
+
+    Some(quote_vec)
+}
+
+fn create_app_enclave_report(qe_ti: &sgx_target_info_t) -> 
Option<sgx_report_t> {
+    let enclave = if let Ok(r) = init_enclave() {
+        r
+    } else {
+        return None;
+    };
+
+    let mut retval = 0;
+    let mut ret_report: sgx_report_t = sgx_report_t::default();
+
+    let result = unsafe {
+        enclave_create_report(
+            enclave.geteid(),
+            &mut retval,
+            qe_ti,
+            &mut ret_report as *mut sgx_report_t,
+        )
+    };
+    match result {
+        sgx_status_t::SGX_SUCCESS => {}
+        _ => {
+            println!("[-] ECALL Enclave Failed {}!", result.as_str());
+            return None;
+        }
+    }
+    enclave.destroy();
+    Some(ret_report)
+}
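Review bot: The three `unsafe { *p }` reads in `main` (`p_quote3`, `p_auth_data`, `p_temp_cert_data`) dereference a struct pointer into a `Vec<u8>` before anything checks that enough bytes remain; the slice expressions only guard the start offset, and each `assert_eq!` length check runs after the reads it would protect. A short or malformed quote buffer therefore becomes an out-of-bounds read rather than a clean error, and a `Vec<u8>` gives no alignment guarantee for these types unless the `sgx_types` definitions are packed. I would route all three through one bounds-checked helper built on `ptr::read_unaligned`, as sketched below, and check `temp_cert_data.cert_key_type` before treating the tail as EncPPID/PCE_ID/CPUSVN/PCE_ISVSVN. Separately, `create_app_enclave_report` never looks at `retval`, so a failure inside the enclave still returns the default-initialised report; add `if retval != 0 { return None; }` after the `match`. `Library::new("./libdcap_quoteprov.so.1")` and `ENCLAVE_FILE` are resolved against the current working directory, which is worth documenting or replacing with a path derived from the executable's location.

```rust
/// Copies a `T` out of `buf` at `offset`, or returns `None` when fewer than
/// `size_of::<T>()` bytes remain.
fn read_struct<T: Copy>(buf: &[u8], offset: usize) -> Option<T> {
    let end = offset.checked_add(std::mem::size_of::<T>())?;
    let bytes = buf.get(offset..end)?;
    // read_unaligned: a byte buffer carries no alignment guarantee for T.
    Some(unsafe { std::ptr::read_unaligned(bytes.as_ptr() as *const T) })
}

// in main():
let quote3: sgx_quote3_t = read_struct(&quote, 0).expect("quote shorter than sgx_quote3_t");
// … unchanged: quote_signature_data_vec, signature_data_len assert …
let auth_data_header: sgx_ql_auth_data_t =
    read_struct(&quote_signature_data_vec, auth_certification_data_offset)
        .expect("signature data truncated before auth data header");
// … unchanged: auth_data_offset, temp_cert_data_offset …
let temp_cert_data: sgx_ql_certification_data_t =
    read_struct(&quote_signature_data_vec, temp_cert_data_offset)
        .expect("signature data truncated before certification data header");
```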
diff --git a/samplecode/dcap-pckretrieval/bin/.gitkeep 
b/samplecode/dcap-pckretrieval/bin/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/samplecode/dcap-pckretrieval/enclave/Cargo.toml 
b/samplecode/dcap-pckretrieval/enclave/Cargo.toml
new file mode 100644
index 0000000..45065af
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Cargo.toml
@@ -0,0 +1,42 @@
+[package]
+name = "PCKIDRetrievalTool"
+version = "1.0.0"
+authors = ["The Teaclave Authors"]
+
+[lib]
+name = "pckidretrievaltool"
+crate-type = ["staticlib"]
+
+[features]
+default = []
+
+[target.'cfg(not(target_env = "sgx"))'.dependencies]
+sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git"; }
+sgx_tstd = { git = "https://github.com/apache/teaclave-sgx-sdk.git"; }
+sgx_trts = { git = "https://github.com/apache/teaclave-sgx-sdk.git"; }
+sgx_tse = { git = "https://github.com/apache/teaclave-sgx-sdk.git"; }
+[patch.'https://github.com/apache/teaclave-sgx-sdk.git']
+sgx_alloc = { path = "../../../sgx_alloc" }
+sgx_build_helper = { path = "../../../sgx_build_helper" }
+sgx_cov = { path = "../../../sgx_cov" }
+sgx_crypto_helper = { path = "../../../sgx_crypto_helper" }
+sgx_libc = { path = "../../../sgx_libc" }
+sgx_rand = { path = "../../../sgx_rand" }
+sgx_rand_derive = { path = "../../../sgx_rand_derive" }
+sgx_serialize = { path = "../../../sgx_serialize" }
+sgx_serialize_derive = { path = "../../../sgx_serialize_derive" }
+sgx_serialize_derive_internals = { path = 
"../../../sgx_serialize_derive_internals" }
+sgx_tcrypto = { path = "../../../sgx_tcrypto" }
+sgx_tcrypto_helper = { path = "../../../sgx_tcrypto_helper" }
+sgx_tdh = { path = "../../../sgx_tdh" }
+sgx_tkey_exchange = { path = "../../../sgx_tkey_exchange" }
+sgx_tprotected_fs = { path = "../../../sgx_tprotected_fs" }
+sgx_trts = { path = "../../../sgx_trts" }
+sgx_tse = { path = "../../../sgx_tse" }
+sgx_tseal = { path = "../../../sgx_tseal" }
+sgx_tstd = { path = "../../../sgx_tstd" }
+sgx_tunittest = { path = "../../../sgx_tunittest" }
+sgx_types = { path = "../../../sgx_types" }
+sgx_ucrypto = { path = "../../../sgx_ucrypto" }
+sgx_unwind = { path = "../../../sgx_unwind" }
+sgx_urts = { path = "../../../sgx_urts" }
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave.config.xml 
b/samplecode/dcap-pckretrieval/enclave/Enclave.config.xml
new file mode 100644
index 0000000..5b97ad8
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave.config.xml
@@ -0,0 +1,10 @@
+<EnclaveConfiguration>
+  <ProdID>0x1</ProdID>
+  <ISVSVN>1</ISVSVN>
+  <TCSNum>1</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <HW>0</HW>
+  <StackMaxSize>0x2000</StackMaxSize>
+  <HeapMaxSize>0x4000</HeapMaxSize>
+  <DisableDebug>1</DisableDebug>
+</EnclaveConfiguration>
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave.edl 
b/samplecode/dcap-pckretrieval/enclave/Enclave.edl
new file mode 100644
index 0000000..097453f
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave.edl
@@ -0,0 +1,30 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+enclave {
+    from "sgx_tstd.edl" import *;
+    from "sgx_stdio.edl" import *;
+    from "sgx_file.edl" import *;
+    include "sgx_report.h"
+
+    trusted {
+        /* define ECALLs here. */
+        public uint32_t enclave_create_report([in]const sgx_target_info_t* 
p_qe3_target,
+                                              [out]sgx_report_t* p_report);
+
+    };
+};
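Review bot: The three `from ... import *;` lines pull every OCALL declared in `sgx_tstd.edl`, `sgx_stdio.edl` and `sgx_file.edl` into this enclave's interface, while the enclave code in `enclave/src/lib.rs` only calls `rsgx_create_report` and `println!`. Each imported OCALL is a channel whose results come from untrusted code, so the interface should be no wider than the enclave needs. I would drop `from "sgx_file.edl" import *;` if the link still succeeds without it, and add a comment above the remaining imports saying which one `println!` depends on.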
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave.lds 
b/samplecode/dcap-pckretrieval/enclave/Enclave.lds
new file mode 100644
index 0000000..e3d9d0e
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave.lds
@@ -0,0 +1,9 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+    local:
+        *;
+};
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave_private.pem 
b/samplecode/dcap-pckretrieval/enclave/Enclave_private.pem
new file mode 100644
index 0000000..314705b
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave_private.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/samplecode/dcap-pckretrieval/enclave/Makefile 
b/samplecode/dcap-pckretrieval/enclave/Makefile
new file mode 100644
index 0000000..786b6af
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Makefile
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+Rust_Enclave_Name := libenclave.a
+Rust_Enclave_Files := $(wildcard src/*.rs)
+Rust_Target_Path := $(CURDIR)/../../../xargo
+
+ifeq ($(MITIGATION-CVE-2020-0551), LOAD)
+export MITIGATION_CVE_2020_0551=LOAD
+else ifeq ($(MITIGATION-CVE-2020-0551), CF)
+export MITIGATION_CVE_2020_0551=CF
+endif
+
+.PHONY: all
+
+all: $(Rust_Enclave_Name)
+
+$(Rust_Enclave_Name): $(Rust_Enclave_Files)
+ifeq ($(XARGO_SGX), 1)
+       RUST_TARGET_PATH=$(Rust_Target_Path) xargo build --target 
x86_64-unknown-linux-sgx --release
+       cp ./target/x86_64-unknown-linux-sgx/release/libpckidretrievaltool.a 
../lib/libenclave.a
+else
+       cargo build --release
+       cp ./target/release/libpckidretrievaltool.a ../lib/libenclave.a
+endif
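Review bot: The `MITIGATION-CVE-2020-0551` block exports the setting only for the exact values `LOAD` and `CF`; any other value (a lower-case `load`, a typo) falls through silently and the enclave is built without the mitigation the caller asked for. I would add a final branch `else ifneq ($(MITIGATION-CVE-2020-0551),)` containing `$(error MITIGATION-CVE-2020-0551 must be LOAD or CF)` so the build stops instead. Separately, the rule's target is `libenclave.a` but both recipes write `../lib/libenclave.a`, so the target never exists and the rule reruns on every invocation; if that is intentional (cargo decides what to rebuild), a comment saying so would help.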
diff --git a/samplecode/dcap-pckretrieval/enclave/Xargo.toml 
b/samplecode/dcap-pckretrieval/enclave/Xargo.toml
new file mode 100644
index 0000000..ffb4272
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Xargo.toml
@@ -0,0 +1,95 @@
+[dependencies]
+alloc = {}
+
+[dependencies.sgx_types]
+path = "../../../sgx_types"
+stage = 1
+
+[dependencies.sgx_alloc]
+path = "../../../sgx_alloc"
+stage = 1
+
+[dependencies.sgx_unwind]
+path = "../../../sgx_unwind"
+stage = 1
+
+[dependencies.sgx_demangle]
+path = "../../../sgx_demangle"
+stage = 1
+
+[dependencies.panic_abort]
+path = "../../../sgx_panic_abort"
+stage = 1
+
+[dependencies.sgx_libc]
+path = "../../../sgx_libc"
+stage = 2
+
+[dependencies.sgx_tkey_exchange]
+path = "../../../sgx_tkey_exchange"
+stage = 2
+
+[dependencies.sgx_tse]
+path = "../../../sgx_tse"
+stage = 2
+
+[dependencies.sgx_tcrypto]
+path = "../../../sgx_tcrypto"
+stage = 2
+
+[dependencies.sgx_trts]
+path = "../../../sgx_trts"
+stage = 3
+
+[dependencies.sgx_backtrace_sys]
+path = "../../../sgx_backtrace_sys"
+stage = 3
+
+[dependencies.panic_unwind]
+path = "../../../sgx_panic_unwind"
+stage = 3
+
+[dependencies.sgx_tdh]
+path = "../../../sgx_tdh"
+stage = 4
+
+[dependencies.sgx_tseal]
+path = "../../../sgx_tseal"
+stage = 4
+
+[dependencies.sgx_tprotected_fs]
+path = "../../../sgx_tprotected_fs"
+stage = 4
+
+[dependencies.std]
+path = "../../../xargo/sgx_tstd"
+stage = 5
+features = ["backtrace"]
+
+[dependencies.sgx_no_tstd]
+path = "../../../sgx_no_tstd"
+stage = 5
+
+[dependencies.sgx_rand]
+path = "../../../sgx_rand"
+stage = 6
+
+[dependencies.sgx_serialize]
+path = "../../../sgx_serialize"
+stage = 6
+
+[dependencies.sgx_tunittest]
+path = "../../../sgx_tunittest"
+stage = 6
+
+[dependencies.sgx_backtrace]
+path = "../../../sgx_backtrace"
+stage = 7
+
+[dependencies.sgx_cov]
+path = "../../../sgx_cov"
+stage = 7
+
+[dependencies.sgx_signal]
+path = "../../../sgx_signal"
+stage = 7
diff --git a/samplecode/dcap-pckretrieval/enclave/src/lib.rs 
b/samplecode/dcap-pckretrieval/enclave/src/lib.rs
new file mode 100644
index 0000000..3e99903
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/src/lib.rs
@@ -0,0 +1,48 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License..
+
+#![crate_name = "pckidretrievaltool"]
+#![crate_type = "staticlib"]
+
+#![cfg_attr(not(target_env = "sgx"), no_std)]
+#![cfg_attr(target_env = "sgx", feature(rustc_private))]
+
+extern crate sgx_types;
+extern crate sgx_tse;
+#[cfg(not(target_env = "sgx"))]
+#[macro_use]
+extern crate sgx_tstd as std;
+
+use sgx_types::*;
+use sgx_tse::rsgx_create_report;
+
+#[no_mangle]
+pub extern "C" fn enclave_create_report(
+    p_qe3_target : &sgx_target_info_t,
+    p_report: &mut sgx_report_t) -> u32 {
+    let empty_data: sgx_report_data_t = sgx_report_data_t::default();
+    match rsgx_create_report(p_qe3_target, &empty_data) {
+        Ok(report) => {
+            *p_report = report;
+            0
+        },
+        Err(x) => {
+            println!("rsgx_create_report failed! {:?}", x);
+            x as u32
+        }
+    }
+}
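Review bot: `enclave_create_report` is an ECALL entry point, yet it declares its two pointer arguments as Rust references (`&sgx_target_info_t`, `&mut sgx_report_t`). The EDL marks them `[in]` and `[out]` with no non-NULL requirement, and to my knowledge the edger8r bridge forwards a NULL pointer unchanged, so an untrusted caller passing NULL would produce a null reference inside the enclave, which is undefined behaviour. I would take raw pointers and reject NULL before use, as below.

```rust
#[no_mangle]
pub extern "C" fn enclave_create_report(
    p_qe3_target: *const sgx_target_info_t,
    p_report: *mut sgx_report_t) -> u32 {
    // The bridge hands over whatever the untrusted caller passed, NULL included.
    if p_qe3_target.is_null() || p_report.is_null() {
        return sgx_status_t::SGX_ERROR_INVALID_PARAMETER as u32;
    }
    let empty_data: sgx_report_data_t = sgx_report_data_t::default();
    match rsgx_create_report(unsafe { &*p_qe3_target }, &empty_data) {
        Ok(report) => {
            unsafe { *p_report = report; }
            0
        },
        // … unchanged: Err arm …
    }
}
```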
diff --git a/samplecode/dcap-pckretrieval/enclave/x86_64-unknown-linux-sgx.json 
b/samplecode/dcap-pckretrieval/enclave/x86_64-unknown-linux-sgx.json
new file mode 100644
index 0000000..10d37a7
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/x86_64-unknown-linux-sgx.json
@@ -0,0 +1,31 @@
+{
+  "arch": "x86_64",
+  "cpu": "x86-64",
+  "data-layout": "e-m:e-i64:64-f80:128-n8:16:32:64-S128",
+  "dynamic-linking": true,
+  "env": "sgx",
+  "exe-allocation-crate": "alloc_system",
+  "executables": true,
+  "has-elf-tls": true,
+  "has-rpath": true,
+  "linker-flavor": "gcc",
+  "linker-is-gnu": true,
+  "llvm-target": "x86_64-unknown-linux-gnu",
+  "max-atomic-width": 64,
+  "os": "linux",
+  "position-independent-executables": true,
+  "pre-link-args": {
+    "gcc": [
+      "-Wl,--as-needed",
+      "-Wl,-z,noexecstack",
+      "-m64"
+    ]
+  },
+  "relro-level": "full",
+  "stack-probes": true,
+  "target-c-int-width": "32",
+  "target-endian": "little",
+  "target-family": "unix",
+  "target-pointer-width": "64",
+  "vendor": "mesalock"
+}
diff --git a/samplecode/dcap-pckretrieval/lib/readme.txt 
b/samplecode/dcap-pckretrieval/lib/readme.txt
new file mode 100644
index 0000000..7951405
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/lib/readme.txt
@@ -0,0 +1 @@
+lib
\ No newline at end of file

