RubNoobs/Systemsicherheit
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Assignment 7 sgximpl: initialize project structure

Browse source
This commit is contained in:
chronal 2024-06-30 15:46:00 +02:00 committed by saschato
parent 133fb803f7
commit 01182627e0
174 changed files with 209 additions and 24519 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

81
Assignment 7 - SGX Hands-on/Makefile Normal file
View file

@ -0,0 +1,81 @@
# Makefile for building the application
# Use:
# make - compiles both release and test binaries
# make release - compiles and runs the release binary
# make test - compiles and runs the test binary
# make clean - deletes all binaries in build/bin
# make cleaner - deltes the whole build directory
# Compiler
CC = clang
CFLAGS = -Wall -Wextra -Werror
LDFLAGS =
# Directories
SRC_DIR = src
LIB_DIR = lib
TEST_DIR = test
APP_DIR = $(SRC_DIR)/app
ENCLAVE_DIR = $(SRC_DIR)/enclave
BUILD_DIR = build
OBJ_DIR = $(BUILD_DIR)/obj
BIN_DIR = $(BUILD_DIR)/bin
# Source files
LIB_SRCS = $(wildcard $(LIB_DIR)/*.c)
APP_SRCS = $(wildcard $(APP_DIR)/*.c) $(wildcard $(ENCLAVE_DIR)/*.c)
TEST_SRCS = $(wildcard $(TEST_DIR)/*.c)
# Object files
LIB_OBJS = $(LIB_SRCS:$(LIB_DIR)/%.c=$(OBJ_DIR)/lib/%.o)
APP_OBJS = $(APP_SRCS:$(SRC_DIR)/%.c=$(OBJ_DIR)/src/%.o)
TEST_OBJS = $(TEST_SRCS:$(TEST_DIR)/%.c=$(OBJ_DIR)/test/%.o)
# Binaries
RELEASE_BIN = $(BIN_DIR)/release
TEST_BIN = $(BIN_DIR)/test
$(RELEASE_BIN): $(LIB_OBJS) $(APP_OBJS)
@mkdir -p $(BIN_DIR)
@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
$(TEST_BIN): $(LIB_OBJS) $(TEST_OBJS)
@mkdir -p $(BIN_DIR)
@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
$(OBJ_DIR)/lib/%.o: $(LIB_DIR)/%.c
@mkdir -p $(dir $@)
@$(CC) $(CFLAGS) -c -o $@ $<
$(OBJ_DIR)/src/%.o: $(SRC_DIR)/%.c
@mkdir -p $(dir $@)
@$(CC) $(CFLAGS) -c -o $@ $<
$(OBJ_DIR)/test/%.o: $(TEST_DIR)/%.c
@mkdir -p $(dir $@)
@$(CC) $(CFLAGS) -c -o $@ $<
# Targets
.PHONY: all clean release test
all: release test
release: $(RELEASE_BIN) run_release
run_release:
@echo "RUNNING RELEASE"
@./$(RELEASE_BIN)
test: $(TEST_BIN) run_test
run_test:
@echo "RUNNING TESTS"
@./$(TEST_BIN)
clean:
@echo "Deleting binaries"
@rm -rf $(BIN_DIR)
cleaner:
@echo "Deleting builds"
@rm -rf $(BUILD_DIR)

252
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.cpp
View file

@ -1,252 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdio.h>
#include <string.h>
#include <assert.h>
# include <unistd.h>
# include <pwd.h>
# define MAX_PATH FILENAME_MAX
#include "sgx_urts.h"
#include "App.h"
#include "Enclave_u.h"
/* Global EID shared by multiple threads */
sgx_enclave_id_t global_eid = 0;
typedef struct _sgx_errlist_t {
sgx_status_t err;
const char *msg;
const char *sug; /* Suggestion */
} sgx_errlist_t;
/* Error code returned by sgx_create_enclave */
static sgx_errlist_t sgx_errlist[] = {
{
SGX_ERROR_UNEXPECTED,
"Unexpected error occurred.",
NULL
},
{
SGX_ERROR_INVALID_PARAMETER,
"Invalid parameter.",
NULL
},
{
SGX_ERROR_OUT_OF_MEMORY,
"Out of memory.",
NULL
},
{
SGX_ERROR_ENCLAVE_LOST,
"Power transition occurred.",
"Please refer to the sample \"PowerTransition\" for details."
},
{
SGX_ERROR_INVALID_ENCLAVE,
"Invalid enclave image.",
NULL
},
{
SGX_ERROR_INVALID_ENCLAVE_ID,
"Invalid enclave identification.",
NULL
},
{
SGX_ERROR_INVALID_SIGNATURE,
"Invalid enclave signature.",
NULL
},
{
SGX_ERROR_OUT_OF_EPC,
"Out of EPC memory.",
NULL
},
{
SGX_ERROR_NO_DEVICE,
"Invalid SGX device.",
"Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards."
},
{
SGX_ERROR_MEMORY_MAP_CONFLICT,
"Memory map conflicted.",
NULL
},
{
SGX_ERROR_INVALID_METADATA,
"Invalid enclave metadata.",
NULL
},
{
SGX_ERROR_DEVICE_BUSY,
"SGX device was busy.",
NULL
},
{
SGX_ERROR_INVALID_VERSION,
"Enclave version was invalid.",
NULL
},
{
SGX_ERROR_INVALID_ATTRIBUTE,
"Enclave was not authorized.",
NULL
},
{
SGX_ERROR_ENCLAVE_FILE_ACCESS,
"Can't open enclave file.",
NULL
},
};
/* Check error conditions for loading enclave */
void print_error_message(sgx_status_t ret)
{
size_t idx = 0;
size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
for (idx = 0; idx < ttl; idx++) {
if(ret == sgx_errlist[idx].err) {
if(NULL != sgx_errlist[idx].sug)
printf("Info: %s\n", sgx_errlist[idx].sug);
printf("Error: %s\n", sgx_errlist[idx].msg);
break;
}
}
if (idx == ttl)
printf("Error code is 0x%X. Please refer to the \"Intel SGX SDK Developer Reference\" for more details.\n", ret);
}
/* Initialize the enclave:
* Step 1: try to retrieve the launch token saved by last transaction
* Step 2: call sgx_create_enclave to initialize an enclave instance
* Step 3: save the launch token if it is updated
*/
int initialize_enclave(void)
{
char token_path[MAX_PATH] = {'\0'};
sgx_launch_token_t token = {0};
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
int updated = 0;
/* Step 1: try to retrieve the launch token saved by last transaction
* if there is no token, then create a new one.
*/
/* try to get the token saved in $HOME */
const char *home_dir = getpwuid(getuid())->pw_dir;
if (home_dir != NULL &&
(strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) {
/* compose the token path */
strncpy(token_path, home_dir, strlen(home_dir));
strncat(token_path, "/", strlen("/"));
strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1);
} else {
/* if token path is too long or $HOME is NULL */
strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME));
}
FILE *fp = fopen(token_path, "rb");
if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) {
printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path);
}
if (fp != NULL) {
/* read the token from saved file */
size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp);
if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
/* if token is invalid, clear the buffer */
memset(&token, 0x0, sizeof(sgx_launch_token_t));
printf("Warning: Invalid launch token read from \"%s\".\n", token_path);
}
}
/* Step 2: call sgx_create_enclave to initialize an enclave instance */
/* Debug Support: set 2nd parameter to 1 */
ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL);
if (ret != SGX_SUCCESS) {
print_error_message(ret);
if (fp != NULL) fclose(fp);
return -1;
}
/* Step 3: save the launch token if it is updated */
if (updated == FALSE || fp == NULL) {
/* if the token is not updated, or file handler is invalid, do not perform saving */
if (fp != NULL) fclose(fp);
return 0;
}
/* reopen the file with write capablity */
fp = freopen(token_path, "wb", fp);
if (fp == NULL) return 0;
size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp);
if (write_num != sizeof(sgx_launch_token_t))
printf("Warning: Failed to save launch token to \"%s\".\n", token_path);
fclose(fp);
return 0;
}
/* OCall functions */
void ocall_print_string(const char *str)
{
/* Proxy/Bridge will check the length and null-terminate
* the input string to prevent buffer overflow.
*/
printf("%s", str);
}
/* Application entry */
int SGX_CDECL main(int argc, char *argv[])
{
(void)(argc);
(void)(argv);
/* Initialize the enclave */
if(initialize_enclave() < 0){
printf("Enter a character before exit ...\n");
getchar();
return -1;
}
printf_helloworld(global_eid);
/* Destroy the enclave */
sgx_destroy_enclave(global_eid);
return 0;
}

65
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.h
View file

@ -1,65 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _APP_H_
#define _APP_H_
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include "sgx_error.h" /* sgx_status_t */
#include "sgx_eid.h" /* sgx_enclave_id_t */
#ifndef TRUE
# define TRUE 1
#endif
#ifndef FALSE
# define FALSE 0
#endif
# define TOKEN_FILENAME "enclave.token"
# define ENCLAVE_FILENAME "enclave.signed.so"
extern sgx_enclave_id_t global_eid; /* global enclave id */
#if defined(__cplusplus)
extern "C" {
#endif
#if defined(__cplusplus)
}
#endif
#endif /* !_APP_H_ */

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.config.xml
View file

@ -1,12 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>10</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

57
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.cpp
View file

@ -1,57 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdarg.h>
#include <stdio.h> /* vsnprintf */
#include "Enclave.h"
#include "Enclave_t.h" /* print_string */
/*
* printf:
* Invokes OCALL to display the enclave buffer to the terminal.
*/
void printf(const char *fmt, ...)
{
char buf[BUFSIZ] = {'\0'};
va_list ap;
va_start(ap, fmt);
vsnprintf(buf, BUFSIZ, fmt, ap);
va_end(ap);
ocall_print_string(buf);
}
void printf_helloworld()
{
printf("Hello World\n");
}

55
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.edl
View file

@ -1,55 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Enclave.edl - Top EDL file. */
enclave {
/* Import ECALL/OCALL from sub-directory EDLs.
* [from]: specifies the location of EDL file.
* [import]: specifies the functions to import,
* [*]: implies to import all functions.
*/
trusted {
public void printf_helloworld();
};
/*
* ocall_print_string - invokes OCALL to display string buffer inside the enclave.
* [in]: copy the string buffer to App outside.
* [string]: specifies 'str' is a NULL terminated buffer.
*/
untrusted {
void ocall_print_string([in, string] const char *str);
};
};

50
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.h
View file

@ -1,50 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _ENCLAVE_H_
#define _ENCLAVE_H_
#include <stdlib.h>
#include <assert.h>
#if defined(__cplusplus)
extern "C" {
#endif
void printf(const char *fmt, ...);
void printf_helloworld();
#if defined(__cplusplus)
}
#endif
#endif /* !_ENCLAVE_H_ */

10
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.lds
View file

@ -1,10 +0,0 @@
enclave.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
g_peak_heap_used;
local:
*;
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----

249
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Makefile
View file

@ -1,249 +0,0 @@
#
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= HW
SGX_ARCH ?= x64
SGX_DEBUG ?= 1
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := App/App.cpp
App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Cpp_Flags := $(App_C_Flags) -std=c++11
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Enclave Settings ########
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files := Enclave/Enclave.cpp
Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
ifeq ($(CC_BELOW_4_9), 1)
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
else
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
endif
Enclave_C_Flags += $(Enclave_Include_Paths)
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
# so that the whole content of trts is included in the enclave.
# 2. For other libraries, you just need to pull the required symbols.
# Use `--start-group' and `--end-group' to link these libraries.
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
# Otherwise, you may get some undesirable errors.
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections \
-Wl,--version-script=Enclave/Enclave.lds
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
Enclave_Name := enclave.so
Signed_Enclave_Name := enclave.signed.so
Enclave_Config_File := Enclave/Enclave.config.xml
ifeq ($(SGX_MODE), HW)
ifeq ($(SGX_DEBUG), 1)
Build_Mode = HW_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_PRERELEASE
else
Build_Mode = HW_RELEASE
endif
else
ifeq ($(SGX_DEBUG), 1)
Build_Mode = SIM_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
Build_Mode = SIM_PRERELEASE
else
Build_Mode = SIM_RELEASE
endif
endif
.PHONY: all run
ifeq ($(Build_Mode), HW_RELEASE)
all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Enclave_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclave use the command:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
@echo "You can also sign the enclave using an external signing tool."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Signed_Enclave_Name)
ifeq ($(Build_Mode), HW_DEBUG)
@echo "The project has been built in debug hardware mode."
else ifeq ($(Build_Mode), SIM_DEBUG)
@echo "The project has been built in debug simulation mode."
else ifeq ($(Build_Mode), HW_PRERELEASE)
@echo "The project has been built in pre-release hardware mode."
else ifeq ($(Build_Mode), SIM_PRERELEASE)
@echo "The project has been built in pre-release simulation mode."
else
@echo "The project has been built in release simulation mode."
endif
endif
run: all
ifneq ($(Build_Mode), HW_RELEASE)
@$(CURDIR)/$(App_Name)
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif
######## App Objects ########
App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl
@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave_u.o: App/Enclave_u.c
@$(CC) $(App_C_Flags) -c $< -o $@
@echo "CC <= $<"
App/%.o: App/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): App/Enclave_u.o $(App_Cpp_Objects)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
.config_$(Build_Mode)_$(SGX_ARCH):
@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*
@touch .config_$(Build_Mode)_$(SGX_ARCH)
######## Enclave Objects ########
Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl
@cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave/Enclave_t.o: Enclave/Enclave_t.c
@$(CC) $(Enclave_C_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave/%.o: Enclave/%.cpp
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects)
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Signed_Enclave_Name): $(Enclave_Name)
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
@echo "SIGN => $@"
.PHONY: clean
clean:
@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*

55
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/.gitignore vendored
View file

@ -1,55 +0,0 @@
# Prerequisites
*.d
# Object files
*.o
*.ko
*.obj
*.elf
# Linker output
*.ilk
*.map
*.exp
# Precompiled Headers
*.gch
*.pch
# Libraries
*.lib
*.a
*.la
*.lo
# Shared objects (inc. Windows DLLs)
*.dll
*.so
*.so.*
*.dylib
# Executables
*.exe
*.out
*.app
*.i*86
*.x86_64
*.hex
# Debug files
*.dSYM/
*.su
*.idb
*.pdb
# Kernel Module Compile Results
*.mod*
*.cmd
.tmp_versions/
modules.order
Module.symvers
Mkfile.old
dkms.conf
# Apple .DS_Store files
.DS_Store

209
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/Makefile
View file

@ -1,209 +0,0 @@
#
# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= SIM
SGX_ARCH ?= x64
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := app/app.cpp app/utils.cpp
App_Include_Paths := -Iapp -I$(SGX_SDK)/include -Iinclude -Itest
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Cpp_Flags := $(App_C_Flags) -std=c++11
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := sgx-wallet
######## Enclave Settings ########
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files := enclave/enclave.cpp enclave/sealing/sealing.cpp
Enclave_Include_Paths := -Ienclave -Iinclude -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0
# -Wl,--version-script=Enclave/Enclave.lds
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
Enclave_Name := enclave.so
Signed_Enclave_Name := enclave.signed.so
Enclave_Config_File := enclave/enclave.config.xml
ifeq ($(SGX_MODE), HW)
ifneq ($(SGX_DEBUG), 1)
ifneq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_RELEASE
endif
endif
endif
.PHONY: all run
ifeq ($(Build_Mode), HW_RELEASE)
all: $(App_Name) $(Enclave_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclave use the command:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
@echo "You can also sign the enclave using an external signing tool. See User's Guide for more details."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: $(App_Name) $(Signed_Enclave_Name)
endif
run: all
ifneq ($(Build_Mode), HW_RELEASE)
@$(CURDIR)/$(App_Name)
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif
######## App Objects ########
app/enclave_u.c: $(SGX_EDGER8R) enclave/enclave.edl
@cd app && $(SGX_EDGER8R) --untrusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
app/enclave_u.o: app/enclave_u.c
@$(CC) $(App_C_Flags) -c $< -o $@
@echo "CC <= $<"
app/%.o: app/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): app/enclave_u.o $(App_Cpp_Objects)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
enclave/enclave_t.c: $(SGX_EDGER8R) enclave/enclave.edl
@cd enclave && $(SGX_EDGER8R) --trusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
enclave/enclave_t.o: enclave/enclave_t.c
@$(CC) $(Enclave_C_Flags) -c $< -o $@
@echo "CC <= $<"
enclave/%.o: enclave/%.cpp
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(Enclave_Name): enclave/enclave_t.o $(Enclave_Cpp_Objects)
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Signed_Enclave_Name): $(Enclave_Name)
@$(SGX_ENCLAVE_SIGNER) sign -key enclave/enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
@echo "SIGN => $@"
.PHONY: clean
clean:
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) app/enclave_u.* $(Enclave_Cpp_Objects) enclave/enclave_t.*

225
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.cpp
View file

@ -1,225 +0,0 @@
#include "enclave_u.h"
#include "sgx_urts.h"
#include <cstring>
#include <fstream>
#include <getopt.h>
#include "app.h"
#include "utils.h"
#include "wallet.h"
#include "enclave.h"
using namespace std;
// OCALLs implementation
int ocall_save_wallet(const uint8_t* sealed_data, const size_t sealed_size) {
ofstream file(WALLET_FILE, ios::out | ios::binary);
if (file.fail()) {return 1;}
file.write((const char*) sealed_data, sealed_size);
file.close();
return 0;
}
int ocall_load_wallet(uint8_t* sealed_data, const size_t sealed_size) {
ifstream file(WALLET_FILE, ios::in | ios::binary);
if (file.fail()) {return 1;}
file.read((char*) sealed_data, sealed_size);
file.close();
return 0;
}
int ocall_is_wallet(void) {
ifstream file(WALLET_FILE, ios::in | ios::binary);
if (file.fail()) {return 0;} // failure means no wallet found
file.close();
return 1;
}
int main(int argc, char** argv) {
sgx_enclave_id_t eid = 0;
sgx_launch_token_t token = {0};
int updated, ret;
sgx_status_t ecall_status, enclave_status;
enclave_status = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
if(enclave_status != SGX_SUCCESS) {
error_print("Fail to initialize enclave.");
return -1;
}
info_print("Enclave successfully initilised.");
const char* options = "hvn:p:c:sax:y:z:r:";
opterr=0; // prevent 'getopt' from printing err messages
char err_message[100];
int opt, stop=0;
int h_flag=0, v_flag=0, s_flag=0, a_flag=0;
char * n_value=NULL, *p_value=NULL, *c_value=NULL, *x_value=NULL, *y_value=NULL, *z_value=NULL, *r_value=NULL;
// read user input
while ((opt = getopt(argc, argv, options)) != -1) {
switch (opt) {
// help
case 'h':
h_flag = 1;
break;
// create new wallet
case 'n':
n_value = optarg;
break;
// master-password
case 'p':
p_value = optarg;
break;
// change master-password
case 'c':
c_value = optarg;
break;
// show wallet
case 's':
s_flag = 1;
break;
// add item
case 'a': // add item flag
a_flag = 1;
break;
case 'x': // item's title
x_value = optarg;
break;
case 'y': // item's username
y_value = optarg;
break;
case 'z': // item's password
z_value = optarg;
break;
// remove item
case 'r':
r_value = optarg;
break;
// exceptions
case '?':
if (optopt == 'n' || optopt == 'p' || optopt == 'c' || optopt == 'r' ||
optopt == 'x' || optopt == 'y' || optopt == 'z'
) {
sprintf(err_message, "Option -%c requires an argument.", optopt);
}
else if (isprint(optopt)) {
sprintf(err_message, "Unknown option `-%c'.", optopt);
}
else {
sprintf(err_message, "Unknown option character `\\x%x'.",optopt);
}
stop = 1;
error_print(err_message);
error_print("Program exiting.");
break;
default:
error_print("Unknown option.");
}
}
// perform actions
if (stop != 1) {
// show help
if (h_flag) {
show_help();
}
// create new wallet
else if(n_value!=NULL) {
ecall_status = ecall_create_wallet(eid, &ret, n_value);
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
error_print("Fail to create new wallet.");
}
else {
info_print("Wallet successfully created.");
}
}
// change master-password
else if (p_value!=NULL && c_value!=NULL) {
ecall_status = ecall_change_master_password(eid, &ret, p_value, c_value);
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
error_print("Fail change master-password.");
}
else {
info_print("Master-password successfully changed.");
}
}
// show wallet
else if(p_value!=NULL && s_flag) {
wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t));
ecall_status = ecall_show_wallet(eid, &ret, p_value, wallet, sizeof(wallet_t));
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
error_print("Fail to retrieve wallet.");
}
else {
info_print("Wallet successfully retrieved.");
print_wallet(wallet);
}
free(wallet);
}
// add item
else if (p_value!=NULL && a_flag && x_value!=NULL && y_value!=NULL && z_value!=NULL) {
item_t* new_item = (item_t*)malloc(sizeof(item_t));
strcpy(new_item->title, x_value);
strcpy(new_item->username, y_value);
strcpy(new_item->password, z_value);
ecall_status = ecall_add_item(eid, &ret, p_value, new_item, sizeof(item_t));
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
error_print("Fail to add new item to wallet.");
}
else {
info_print("Item successfully added to the wallet.");
}
free(new_item);
}
// remove item
else if (p_value!=NULL && r_value!=NULL) {
char* p_end;
int index = (int)strtol(r_value, &p_end, 10);
if (r_value == p_end) {
error_print("Option -r requires an integer argument.");
}
else {
ecall_status = ecall_remove_item(eid, &ret, p_value, index);
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
error_print("Fail to remove item.");
}
else {
info_print("Item successfully removed from the wallet.");
}
}
}
// display help
else {
error_print("Wrong inputs.");
show_help();
}
}
// destroy enclave
enclave_status = sgx_destroy_enclave(eid);
if(enclave_status != SGX_SUCCESS) {
error_print("Fail to destroy enclave.");
return -1;
}
info_print("Enclave successfully destroyed.");
info_print("Program exit success.");
return 0;
}

13
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.h
View file

@ -1,13 +0,0 @@
#ifndef APP_H_
#define APP_H_
/***************************************************
* config.
***************************************************/
#define APP_NAME "sgx-wallet"
#define ENCLAVE_FILE "enclave.signed.so"
#define WALLET_FILE "wallet.seal"
#endif // APP_H_

101
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.cpp
View file

@ -1,101 +0,0 @@
#include <stdio.h>
#include <cstring>
#include "utils.h"
#include "app.h"
#include "wallet.h"
#include "enclave.h"
void info_print(const char* str) {
printf("[INFO] %s\n", str);
}
void warning_print(const char* str) {
printf("[WARNING] %s\n", str);
}
void error_print(const char* str) {
printf("[ERROR] %s\n", str);
}
void print_wallet(const wallet_t* wallet) {
printf("\n-----------------------------------------\n\n");
printf("Simple password wallet based on Intel SGX.\n\n");
printf("Number of items: %lu\n\n", wallet->size);
for (int i = 0; i < wallet->size; ++i) {
printf("#%d -- %s\n", i, wallet->items[i].title);
printf("[username:] %s\n", wallet->items[i].username);
printf("[password:] %s\n", wallet->items[i].password);
printf("\n");
}
printf("\n------------------------------------------\n\n");
}
int is_error(int error_code) {
char err_message[100];
// check error case
switch(error_code) {
case RET_SUCCESS:
return 0;
case ERR_PASSWORD_OUT_OF_RANGE:
sprintf(err_message, "Password should be at least 8 characters long and at most %d.", MAX_ITEM_SIZE);
break;
case ERR_WALLET_ALREADY_EXISTS:
sprintf(err_message, "Wallet already exists: delete file '%s' first.", WALLET_FILE);
break;
case ERR_CANNOT_SAVE_WALLET:
strcpy(err_message, "Coud not save wallet.");
break;
case ERR_CANNOT_LOAD_WALLET:
strcpy(err_message, "Coud not load wallet.");
break;
case ERR_WRONG_MASTER_PASSWORD:
strcpy(err_message, "Wrong master password.");
break;
case ERR_WALLET_FULL:
sprintf(err_message, "Wallet full (maximum number of item: %d).", MAX_ITEMS);
break;
case ERR_ITEM_DOES_NOT_EXIST:
strcpy(err_message, "Item does not exist.");
break;
case ERR_ITEM_TOO_LONG:
sprintf(err_message, "Item too longth (maximum size: %d).", MAX_ITEM_SIZE);
break;
case ERR_FAIL_SEAL:
sprintf(err_message, "Fail to seal wallet.");
break;
case ERR_FAIL_UNSEAL:
sprintf(err_message, "Fail to unseal wallet.");
break;
default:
sprintf(err_message, "Unknown error.");
}
// print error message
error_print(err_message);
return 1;
}
void show_help() {
const char* command = "[-h Show this screen] [-v Show version] [-s Show wallet] " \
"[-n master-password] [-p master-password -c new-master-password]" \
"[-p master-password -a -x items_title -y items_username -z toitems_password]" \
"[-p master-password -r items_index]";
printf("\nusage: %s %s\n\n", APP_NAME, command);
}

21
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.h
View file

@ -1,21 +0,0 @@
#ifndef UTIL_H_
#define UTIL_H_
#include "wallet.h"
void info_print(const char* str);
void warning_print(const char* str);
void error_print(const char* str);
void print_wallet(const wallet_t* wallet);
int is_error(int error_code);
void show_help();
void show_version();
#endif // UTIL_H_

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.config.xml
View file

@ -1,12 +0,0 @@
<!-- Please refer to User's Guide for the explanation of each field -->
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>10</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

403
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.cpp
View file

@ -1,403 +0,0 @@
#include "enclave_t.h"
#include "string.h"
#include "enclave.h"
#include "wallet.h"
#include "sgx_tseal.h"
#include "sealing/sealing.h"
int ecall_create_wallet(const char* master_password) {
//
// OVERVIEW:
// 1. check password policy
// 2. [ocall] abort if wallet already exist
// 3. create wallet
// 4. seal wallet
// 5. [ocall] save wallet
// 6. exit enclave
//
//
sgx_status_t ocall_status, sealing_status;
int ocall_ret;
// 1. check passaword policy
if (strlen(master_password) < 8 || strlen(master_password)+1 > MAX_ITEM_SIZE) {
return ERR_PASSWORD_OUT_OF_RANGE;
}
// 2. abort if wallet already exist
ocall_status = ocall_is_wallet(&ocall_ret);
if (ocall_ret != 0) {
return ERR_WALLET_ALREADY_EXISTS;
}
// 3. create new wallet
wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t));
wallet->size = 0;
strncpy(wallet->master_password, master_password, strlen(master_password)+1);
// 4. seal wallet
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
free(wallet);
if (sealing_status != SGX_SUCCESS) {
free(sealed_data);
return ERR_FAIL_SEAL;
}
// 5. save wallet
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
free(sealed_data);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
return ERR_CANNOT_SAVE_WALLET;
}
// 6. exit enclave
return RET_SUCCESS;
}
/**
* @brief Provides the wallet content. The sizes/length of
* pointers need to be specified, otherwise SGX will
* assume a count of 1 for all pointers.
*
*/
int ecall_show_wallet(const char* master_password, wallet_t* wallet, size_t wallet_size) {
//
// OVERVIEW:
// 1. [ocall] load wallet
// 2. unseal wallet
// 3. verify master-password
// 4. return wallet to app
// 5. exit enclave
//
//
sgx_status_t ocall_status, sealing_status;
int ocall_ret;
// 1. load wallet
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
free(sealed_data);
return ERR_CANNOT_LOAD_WALLET;
}
// 2. unseal loaded wallet
uint32_t plaintext_size = sizeof(wallet_t);
wallet_t* unsealed_wallet = (wallet_t*)malloc(plaintext_size);
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, unsealed_wallet, plaintext_size);
free(sealed_data);
if (sealing_status != SGX_SUCCESS) {
free(unsealed_wallet);
return ERR_FAIL_UNSEAL;
}
// 3. verify master-password
if (strcmp(unsealed_wallet->master_password, master_password) != 0) {
free(unsealed_wallet);
return ERR_WRONG_MASTER_PASSWORD;
}
// 4. return wallet to app
(* wallet) = *unsealed_wallet;
free(unsealed_wallet);
// 5. exit enclave
return RET_SUCCESS;
}
/**
* @brief Changes the wallet's master-password.
*
*/
int ecall_change_master_password(const char* old_password, const char* new_password) {
//
// OVERVIEW:
// 1. check password policy
// 2. [ocall] load wallet
// 3. unseal wallet
// 4. verify old password
// 5. update password
// 6. seal wallet
// 7. [ocall] save sealed wallet
// 8. exit enclave
//
//
sgx_status_t ocall_status, sealing_status;
int ocall_ret;
// 1. check passaword policy
if (strlen(new_password) < 8 || strlen(new_password)+1 > MAX_ITEM_SIZE) {
return ERR_PASSWORD_OUT_OF_RANGE;
}
// 2. load wallet
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
free(sealed_data);
return ERR_CANNOT_LOAD_WALLET;
}
// 3. unseal wallet
uint32_t plaintext_size = sizeof(wallet_t);
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
free(sealed_data);
if (sealing_status != SGX_SUCCESS) {
free(wallet);
return ERR_FAIL_UNSEAL;
}
// 4. verify master-password
if (strcmp(wallet->master_password, old_password) != 0) {
free(wallet);
return ERR_WRONG_MASTER_PASSWORD;
}
// 5. update password
strncpy(wallet->master_password, new_password, strlen(new_password)+1);
// 6. seal wallet
sealed_data = (uint8_t*)malloc(sealed_size);
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
free(wallet);
if (sealing_status != SGX_SUCCESS) {
free(wallet);
free(sealed_data);
return ERR_FAIL_SEAL;
}
// 7. save wallet
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
free(sealed_data);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
return ERR_CANNOT_SAVE_WALLET;
}
// 6. exit enclave
return RET_SUCCESS;
}
/**
* @brief Adds an item to the wallet. The sizes/length of
* pointers need to be specified, otherwise SGX will
* assume a count of 1 for all pointers.
*
*/
int ecall_add_item(const char* master_password, const item_t* item, const size_t item_size) {
//
// OVERVIEW:
// 1. [ocall] load wallet
// 2. unseal wallet
// 3. verify master-password
// 4. check input length
// 5. add item to the wallet
// 6. seal wallet
// 7. [ocall] save sealed wallet
// 8. exit enclave
//
//
sgx_status_t ocall_status, sealing_status;
int ocall_ret;
// 2. load wallet
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
free(sealed_data);
return ERR_CANNOT_LOAD_WALLET;
}
// 3. unseal wallet
uint32_t plaintext_size = sizeof(wallet_t);
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
free(sealed_data);
if (sealing_status != SGX_SUCCESS) {
free(wallet);
return ERR_FAIL_UNSEAL;
}
// 3. verify master-password
if (strcmp(wallet->master_password, master_password) != 0) {
free(wallet);
return ERR_WRONG_MASTER_PASSWORD;
}
// 4. check input length
if (strlen(item->title)+1 > MAX_ITEM_SIZE ||
strlen(item->username)+1 > MAX_ITEM_SIZE ||
strlen(item->password)+1 > MAX_ITEM_SIZE
) {
free(wallet);
return ERR_ITEM_TOO_LONG;
}
// 5. add item to the wallet
size_t wallet_size = wallet->size;
if (wallet_size >= MAX_ITEMS) {
free(wallet);
return ERR_WALLET_FULL;
}
wallet->items[wallet_size] = *item;
++wallet->size;
// 6. seal wallet
sealed_data = (uint8_t*)malloc(sealed_size);
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
free(wallet);
if (sealing_status != SGX_SUCCESS) {
free(wallet);
free(sealed_data);
return ERR_FAIL_SEAL;
}
// 7. save wallet
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
free(sealed_data);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
return ERR_CANNOT_SAVE_WALLET;
}
// 8. exit enclave
return RET_SUCCESS;
}
/**
* @brief Removes an item from the wallet. The sizes/length of
* pointers need to be specified, otherwise SGX will
* assume a count of 1 for all pointers.
*
*/
int ecall_remove_item(const char* master_password, const int index) {
//
// OVERVIEW:
// 1. check index bounds
// 2. [ocall] load wallet
// 3. unseal wallet
// 4. verify master-password
// 5. remove item from the wallet
// 6. seal wallet
// 7. [ocall] save sealed wallet
// 8. exit enclave
//
//
sgx_status_t ocall_status, sealing_status;
int ocall_ret;
// 1. check index bounds
if (index < 0 || index >= MAX_ITEMS) {
return ERR_ITEM_DOES_NOT_EXIST;
}
// 2. load wallet
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
free(sealed_data);
return ERR_CANNOT_LOAD_WALLET;
}
// 3. unseal wallet
uint32_t plaintext_size = sizeof(wallet_t);
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
free(sealed_data);
if (sealing_status != SGX_SUCCESS) {
free(wallet);
return ERR_FAIL_UNSEAL;
}
// 4. verify master-password
if (strcmp(wallet->master_password, master_password) != 0) {
free(wallet);
return ERR_WRONG_MASTER_PASSWORD;
}
// 5. remove item from the wallet
size_t wallet_size = wallet->size;
if (index >= wallet_size) {
free(wallet);
return ERR_ITEM_DOES_NOT_EXIST;
}
for (int i = index; i < wallet_size-1; ++i) {
wallet->items[i] = wallet->items[i+1];
}
--wallet->size;
// 6. seal wallet
sealed_data = (uint8_t*)malloc(sealed_size);
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
free(wallet);
if (sealing_status != SGX_SUCCESS) {
free(sealed_data);
return ERR_FAIL_SEAL;
}
// 7. save wallet
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
free(sealed_data);
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
return ERR_CANNOT_SAVE_WALLET;
}
// 8. exit enclave
return RET_SUCCESS;
}

53
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.edl
View file

@ -1,53 +0,0 @@
enclave {
// includes
include "wallet.h"
// define ECALLs
trusted {
public int ecall_create_wallet(
[in, string]const char* master_password
);
public int ecall_show_wallet(
[in, string]const char* master_password,
[out, size=wallet_size] wallet_t* wallet,
size_t wallet_size
);
public int ecall_change_master_password(
[in, string]const char* old_password,
[in, string]const char* new_password
);
public int ecall_add_item(
[in, string]const char* master_password,
[in, size=item_size]const item_t* item,
size_t item_size
);
public int ecall_remove_item(
[in, string]const char* master_password,
int index
);
};
// define OCALLs
untrusted {
int ocall_save_wallet(
[in, size=sealed_size]const uint8_t* sealed_data,
size_t sealed_size
);
int ocall_load_wallet(
[out, size=sealed_size]uint8_t* sealed_data,
size_t sealed_size
);
int ocall_is_wallet(void);
};
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----

15
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.cpp
View file

@ -1,15 +0,0 @@
#include "enclave_t.h"
#include "sgx_trts.h"
#include "sgx_tseal.h"
#include "wallet.h"
#include "sealing.h"
sgx_status_t seal_wallet(const wallet_t* wallet, sgx_sealed_data_t* sealed_data, size_t sealed_size) {
return sgx_seal_data(0, NULL, sizeof(wallet_t), (uint8_t*)wallet, sealed_size, sealed_data);
}
sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size) {
return sgx_unseal_data(sealed_data, NULL, NULL, (uint8_t*)plaintext, &plaintext_size);
}

16
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.h
View file

@ -1,16 +0,0 @@
#ifndef SEALING_H_
#define SEALING_H_
#include "sgx_trts.h"
#include "sgx_tseal.h"
#include "wallet.h"
sgx_status_t seal_wallet(const wallet_t* plaintext, sgx_sealed_data_t* sealed_data, size_t sealed_size);
sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size);
#endif // SEALING_H_

21
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/enclave.h
View file

@ -1,21 +0,0 @@
#ifndef ENCLAVE_H_
#define ENCLAVE_H_
/***************************************************
* Enclave return codes
***************************************************/
#define RET_SUCCESS 0
#define ERR_PASSWORD_OUT_OF_RANGE 1
#define ERR_WALLET_ALREADY_EXISTS 2
#define ERR_CANNOT_SAVE_WALLET 3
#define ERR_CANNOT_LOAD_WALLET 4
#define ERR_WRONG_MASTER_PASSWORD 5
#define ERR_WALLET_FULL 6
#define ERR_ITEM_DOES_NOT_EXIST 7
#define ERR_ITEM_TOO_LONG 8
#define ERR_FAIL_SEAL 9
#define ERR_FAIL_UNSEAL 10
#endif // ENCLAVE_H_

25
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/wallet.h
View file

@ -1,25 +0,0 @@
#ifndef WALLET_H_
#define WALLET_H_
#define MAX_ITEMS 100
#define MAX_ITEM_SIZE 100
// item
struct Item {
char title[MAX_ITEM_SIZE];
char username[MAX_ITEM_SIZE];
char password[MAX_ITEM_SIZE];
};
typedef struct Item item_t;
// wallet
struct Wallet {
item_t items[MAX_ITEMS];
size_t size;
char master_password[MAX_ITEM_SIZE];
};
typedef struct Wallet wallet_t;
#endif // WALLET_H_

216
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.cproject
View file

@ -1,216 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation Debug">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug" parent="com.intel.sgx.configuration.Sim.Debug">
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.935873960" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.2132595457" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1678491512" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.229166714" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
<tool id="com.intel.sgx.compiler.81269967" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1694375039" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.742388855" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation" parent="com.intel.sgx.configuration.Sim.Release">
<folderInfo id="com.intel.sgx.configuration.Sim.Release.428839196" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Release.709775329" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1866379479" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1000705250" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
<tool id="com.intel.sgx.compiler.301453474" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1312096753" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.596141238" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Debug">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug" parent="com.intel.sgx.configuration.HW.Debug">
<folderInfo id="com.intel.sgx.configuration.HW.Debug.562917509" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Debug.2046051538" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.999277922" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.577701014" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
<tool id="com.intel.sgx.compiler.1898704176" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1026657138" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.393162412" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Prerelease">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease" parent="com.intel.sgx.configuration.HW.Prerelease">
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.2074448686" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.2016152654" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Prerelease">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1520324017" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.293910513" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
<tool id="com.intel.sgx.compiler.845441552" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.199398937" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.1555926498" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Release">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release" parent="com.intel.sgx.configuration.HW.Release">
<folderInfo id="com.intel.sgx.configuration.HW.Release.1347223665" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Release.1050674831" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.987781695" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.484951388" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
<tool id="com.intel.sgx.compiler.945246695" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.119487102" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.593431891" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="LocalAttestation.cdt.managedbuild.target.gnu.exe.872917958" name="Executable" projectType="cdt.managedbuild.target.gnu.exe"/>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="refreshScope" versionNumber="2">
<configuration configurationName="Intel(R) SGX Hardware Debug">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Simulation Debug">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Hardware Prerelease">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Simulation">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Hardware Release">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1347223665;com.intel.sgx.compiler.945246695;com.intel.sgx.inputType.593431891">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.935873960;com.intel.sgx.compiler.81269967;com.intel.sgx.inputType.742388855">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.428839196;com.intel.sgx.compiler.301453474;com.intel.sgx.inputType.596141238">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1609650460;cdt.managedbuild.config.gnu.exe.debug.1609650460.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1644119147;cdt.managedbuild.tool.gnu.c.compiler.input.938348551">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1394873887;cdt.managedbuild.config.gnu.exe.release.1394873887.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2035356548;cdt.managedbuild.tool.gnu.c.compiler.input.793813290">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.562917509;com.intel.sgx.compiler.1898704176;com.intel.sgx.inputType.393162412">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.2074448686;com.intel.sgx.compiler.845441552;com.intel.sgx.inputType.1555926498">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
</cproject>

28
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.project
View file

@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>LocalAttestation</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>com.intel.sgx.sgxnature</nature>
</natures>
</projectDescription>

73
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.settings/language.settings.xml
View file

@ -1,73 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<project>
<configuration id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
</project>

150
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/App/App.cpp
View file

@ -1,150 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// App.cpp : Defines the entry point for the console application.
#include <stdio.h>
#include <map>
#include "../Enclave1/Enclave1_u.h"
#include "../Enclave2/Enclave2_u.h"
#include "../Enclave3/Enclave3_u.h"
#include "sgx_eid.h"
#include "sgx_urts.h"
#define __STDC_FORMAT_MACROS
#include <inttypes.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>
#define UNUSED(val) (void)(val)
#define TCHAR char
#define _TCHAR char
#define _T(str) str
#define scanf_s scanf
#define _tmain main
extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
sgx_enclave_id_t e1_enclave_id = 0;
sgx_enclave_id_t e2_enclave_id = 0;
sgx_enclave_id_t e3_enclave_id = 0;
#define ENCLAVE1_PATH "libenclave1.so"
#define ENCLAVE2_PATH "libenclave2.so"
#define ENCLAVE3_PATH "libenclave3.so"
void waitForKeyPress()
{
char ch;
int temp;
printf("\n\nHit a key....\n");
temp = scanf_s("%c", &ch);
}
uint32_t load_enclaves()
{
uint32_t enclave_temp_no;
int ret, launch_token_updated;
sgx_launch_token_t launch_token;
enclave_temp_no = 0;
ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
if (ret != SGX_SUCCESS) {
return ret;
}
enclave_temp_no++;
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));
return SGX_SUCCESS;
}
int _tmain(int argc, _TCHAR* argv[])
{
uint32_t ret_status;
sgx_status_t status;
UNUSED(argc);
UNUSED(argv);
if(load_enclaves() != SGX_SUCCESS)
{
printf("\nLoad Enclave Failure");
}
//printf("\nAvailable Enclaves");
//printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id);
// shared memory
key_t key = ftok("../..", 1);
int shmid = shmget(key, 1024, 0666|IPC_CREAT);
char *str = (char*)shmat(shmid, (void*)0, 0);
printf("[TEST IPC] Sending to Enclave2: Hello from Enclave1\n");
strncpy(str, "Hello from Enclave1\n", 20);
shmdt(str);
do
{
printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n");
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0);
status = SGX_SUCCESS;
if (status!=SGX_SUCCESS)
{
printf("[END] test_create_session Ecall failed: Error code is %x\n", status);
break;
}
else
{
if(ret_status==0)
{
printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n");
}
else
{
printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status);
break;
}
}
#pragma warning (push)
#pragma warning (disable : 4127)
}while(0);
#pragma warning (pop)
sgx_destroy_enclave(e1_enclave_id);
waitForKeyPress();
return 0;
}

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.config.xml
View file

@ -1,12 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

367
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.cpp
View file

@ -1,367 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave1.cpp : Defines the exported functions for the .so application
#include "sgx_eid.h"
#include "Enclave1_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E1.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e1_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t var1,var2;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
var1 = 0x4;
var2 = 0x5;
target_fn_id = 0;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
max_out_buff_size = 50;
//Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id of Enclave2 passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the return value and output parameters from foo1 of Enclave 2
ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the secret data into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatcher function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
{
if(!p_struct_var)
{
return INVALID_PARAMETER_ERROR;
}
(p_struct_var->var1)++;
(p_struct_var->var2)++;
(p_struct_var->p_internal_struct->ivar1)++;
(p_struct_var->p_internal_struct->ivar2)++;
return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
}
//Function which is executed on request from the source enclave
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t ret;
size_t len_data, len_ptr_data;
external_param_struct_t *p_struct_var;
internal_param_struct_t internal_struct_var;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
if(!p_struct_var)
return MALLOC_ERROR;
p_struct_var->p_internal_struct = &internal_struct_var;
if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
{
SAFE_FREE(p_struct_var);
return ATTESTATION_ERROR;
}
ret = e1_foo1(p_struct_var);
len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
len_ptr_data = sizeof(internal_struct_var);
if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return MALLOC_ERROR;
}
SAFE_FREE(p_struct_var);
return SUCCESS;
}

43
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.edl
View file

@ -1,43 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

10
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.lds
View file

@ -1,10 +0,0 @@
Enclave1.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
g_peak_heap_used;
local:
*;
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0
c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf
RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx
YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ
oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni
U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP
RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/
Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ
5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa
brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy
d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB
3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR
YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN
Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy
/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex
4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme
KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/
gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI
4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i
tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb
9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux
EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe
bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3
OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde
rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg
OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ
cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw
gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx
E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW
h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi
qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg
1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P
cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2
Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp
teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx
SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa
mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te
-----END RSA PRIVATE KEY-----

222
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.cpp
View file

@ -1,222 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E1.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
param_len = sizeof(var1)+sizeof(var2);
temp_buff = (char*)malloc(param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff,&var1,sizeof(var1));
memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2));
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
return MALLOC_ERROR;
memcpy(*retval, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!pstruct || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2)))
return ATTESTATION_ERROR;
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1));
memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2));
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data)
{
ms_out_msg_exchange_t *ms;
size_t param_len, ms_len, ret_param_len;;
char *temp_buff;
int* addr;
char* struct_data;
size_t retval_len;
if(!resp_length || !p_struct_var)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
struct_data = (char*)p_struct_var;
param_len = len_data + len_ptr_data;
ret_param_len = param_len + retval_len;
addr = *(int **)(struct_data + len_data);
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
memcpy(temp_buff + sizeof(retval), struct_data, len_data);
memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data);
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

65
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.h
View file

@ -1,65 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E1_H__
#define UTILITY_E1_H__
#include "stdint.h"
typedef struct _internal_param_struct_t
{
uint32_t ivar1;
uint32_t ivar2;
}internal_param_struct_t;
typedef struct _external_param_struct_t
{
uint32_t var1;
uint32_t var2;
internal_param_struct_t *p_internal_struct;
}external_param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval);
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.config.xml
View file

@ -1,12 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

339
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.cpp
View file

@ -1,339 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave2.cpp : Defines the exported functions for the DLL application
#include "sgx_eid.h"
#include "Enclave2_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E2.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e2_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
if(ke_status == SUCCESS)
{
//Insert the session information into the map under the corresponding destination enclave id
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
}
memset(&dest_session_info, 0, sizeof(dh_session_t));
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
param_struct_t *p_struct_var, struct_var;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
max_out_buff_size = 50;
target_fn_id = 0;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
struct_var.var1 = 0x3;
struct_var.var2 = 0x4;
p_struct_var = &struct_var;
//Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the return value and output parameters from foo1 of Enclave3
ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the secret data into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatch function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
{
return(var1 + var2);
}
//Function which is executed on request from the source enclave
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t var1,var2,ret;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
return ATTESTATION_ERROR;
ret = e2_foo1(var1, var2);
if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
return MALLOC_ERROR; //can set resp buffer to null here
return SUCCESS;
}

43
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.edl
View file

@ -1,43 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

10
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.lds
View file

@ -1,10 +0,0 @@
Enclave2.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
g_peak_heap_used;
local:
*;
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----

213
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.cpp
View file

@ -1,213 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E2.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
if(!p_struct_var || !marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
param_len = sizeof(param_struct_t);
temp_buff = (char*)malloc(param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
{
return MALLOC_ERROR;
}
memcpy(*retval, ms->ret_outparam_buff, retval_len);
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!var1 || !var2 || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(*var1) + sizeof(*var2)))
return ATTESTATION_ERROR;
memcpy(var1, buff, sizeof(*var1));
memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
{
ms_out_msg_exchange_t *ms;
size_t ret_param_len, ms_len;
char *temp_buff;
size_t retval_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
ret_param_len = retval_len; //no out parameters
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

59
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.h
View file

@ -1,59 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E2_H__
#define UTILITY_E2_H__
#include "stdint.h"
typedef struct _param_struct_t
{
uint32_t var1;
uint32_t var2;
}param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.config.xml
View file

@ -1,12 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

366
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.cpp
View file

@ -1,366 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave3.cpp : Defines the exported functions for the DLL application
#include "sgx_eid.h"
#include "Enclave3_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E3.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e3_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
if(ke_status == SUCCESS)
{
//Insert the session information into the map under the corresponding destination enclave id
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
}
memset(&dest_session_info, 0, sizeof(dh_session_t));
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
external_param_struct_t *p_struct_var, struct_var;
internal_param_struct_t internal_struct_var;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
max_out_buff_size = 50;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
target_fn_id = 0;
internal_struct_var.ivar1 = 0x5;
internal_struct_var.ivar2 = 0x6;
struct_var.var1 = 0x3;
struct_var.var2 = 0x4;
struct_var.p_internal_struct = &internal_struct_var;
p_struct_var = &struct_var;
size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct);
size_t len_ptr_data = sizeof(internal_struct_var);
//Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer
ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data,
len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info,
marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
////Un-marshal the return value and output parameters from foo1 of Enclave1
ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the parameters into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatch function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e3_foo1(param_struct_t *p_struct_var)
{
if(!p_struct_var)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var->var1++;
p_struct_var->var2++;
return(p_struct_var->var1 * p_struct_var->var2);
}
//Function which is executed on request from the source enclave
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t ret;
param_struct_t *p_struct_var;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t));
if(!p_struct_var)
return MALLOC_ERROR;
if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return ATTESTATION_ERROR;
}
ret = e3_foo1(p_struct_var);
if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return MALLOC_ERROR;
}
SAFE_FREE(p_struct_var);
return SUCCESS;
}

42
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.edl
View file

@ -1,42 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

10
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.lds
View file

@ -1,10 +0,0 @@
Enclave3.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
g_peak_heap_used;
local:
*;
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
-----END RSA PRIVATE KEY-----

223
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.cpp
View file

@ -1,223 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E3.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
int* addr;
char* struct_data;
if(!p_struct_var || !marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
struct_data = (char*)p_struct_var;
temp_buff = (char*)malloc(len_data + len_ptr_data);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, struct_data, len_data);
addr = *(int **)(struct_data + len_data);
memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized
param_len = len_data + len_ptr_data;
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var)
{
ms_out_msg_exchange_t *ms;
size_t ret_param_len, ms_len;
char *temp_buff;
size_t retval_len;
if(!resp_length || !p_struct_var)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
ret_param_len = sizeof(retval) + sizeof(param_struct_t);
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t));
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!pstruct || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2)))
return ATTESTATION_ERROR;
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff || !p_struct_var)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
{
return MALLOC_ERROR;
}
memcpy(*retval, ms->ret_outparam_buff, retval_len);
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1));
memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2));
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

73
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.h
View file

@ -1,73 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E3_H__
#define UTILITY_E3_H__
#include "stdint.h"
typedef struct _internal_param_struct_t
{
uint32_t ivar1;
uint32_t ivar2;
}internal_param_struct_t;
typedef struct _external_param_struct_t
{
uint32_t var1;
uint32_t var2;
internal_param_struct_t *p_internal_struct;
}external_param_struct_t;
typedef struct _param_struct_t
{
uint32_t var1;
uint32_t var2;
}param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval);
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

68
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Include/dh_session_protocol.h
View file

@ -1,68 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _DH_SESSION_PROROCOL_H
#define _DH_SESSION_PROROCOL_H
#include "sgx_ecp_types.h"
#include "sgx_key.h"
#include "sgx_report.h"
#include "sgx_attributes.h"
#define NONCE_SIZE 16
#define MAC_SIZE 16
#define MSG_BUF_LEN sizeof(ec_pub_t)*2
#define MSG_HASH_SZ 32
//Session information structure
typedef struct _la_dh_session_t
{
uint32_t session_id; //Identifies the current session
uint32_t status; //Indicates session is in progress, active or closed
union
{
struct
{
sgx_dh_session_t dh_session;
}in_progress;
struct
{
sgx_key_128bit_t AEK; //Session Key
uint32_t counter; //Used to store Message Sequence Number
}active;
};
} dh_session_t;
#endif

726
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.cpp
View file

@ -1,726 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_trts.h"
#include "sgx_utils.h"
#include "EnclaveMessageExchange.h"
#include "sgx_eid.h"
#include "error_codes.h"
#include "sgx_ecp_types.h"
#include "sgx_thread.h"
#include <map>
#include "dh_session_protocol.h"
#include "sgx_dh.h"
#include "sgx_tcrypto.h"
#include "LocalAttestationCode_t.h"
#ifdef __cplusplus
extern "C" {
#endif
uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
#ifdef __cplusplus
}
#endif
#define MAX_SESSION_COUNT 16
//number of open sessions
uint32_t g_session_count = 0;
ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
//Array of open session ids
session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
//Map between the source enclave id and the session information associated with that particular session
std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
//Create a session with the destination enclave
ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id,
dh_session_t *session_info)
{
ocall_print_string("[ECALL] create_session()\n");
sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
sgx_key_128bit_t dh_aek; // Session Key
sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
uint32_t session_id;
uint32_t retstatus;
sgx_status_t status = SGX_SUCCESS;
sgx_dh_session_t sgx_dh_session;
sgx_dh_session_enclave_identity_t responder_identity;
if(!session_info)
{
return INVALID_PARAMETER_ERROR;
}
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
memset(session_info, 0, sizeof(dh_session_t));
//Intialize the session as a session initiator
ocall_print_string("[ECALL] Initializing the session as session initiator...\n");
status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//Ocall to request for a session with the destination enclave and obtain session id and Message 1 if successful
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
ocall_print_string("[ECALL] Processing message1 obtained from Enclave2 and generate message2\n");
status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//Send Message 2 to Destination Enclave and get Message 3 in return
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
//Process Message 3 obtained from the destination enclave
ocall_print_string("[ECALL] Processing message3 obtained from Enclave3\n");
status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
if(SGX_SUCCESS != status)
{
return status;
}
// Verify the identity of the destination enclave
ocall_print_string("[ECALL] Verifying Encalve2(Responder)'s trust\n");
if(verify_peer_enclave_trust(&responder_identity) != SUCCESS)
{
return INVALID_SESSION;
}
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
session_info->session_id = session_id;
session_info->active.counter = 0;
session_info->status = ACTIVE;
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
return status;
}
//Handle the request from Source Enclave for a session
ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
sgx_dh_msg1_t *dh_msg1,
uint32_t *session_id )
{
dh_session_t session_info;
sgx_dh_session_t sgx_dh_session;
sgx_status_t status = SGX_SUCCESS;
if(!session_id || !dh_msg1)
{
return INVALID_PARAMETER_ERROR;
}
//Intialize the session as a session responder
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//get a new SessionID
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
return status; //no more sessions available
//Allocate memory for the session id tracker
g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
if(!g_session_id_tracker[*session_id])
{
return MALLOC_ERROR;
}
memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
g_session_id_tracker[*session_id]->session_id = *session_id;
session_info.status = IN_PROGRESS;
//Generate Message1 that will be returned to Source Enclave
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
SAFE_FREE(g_session_id_tracker[*session_id]);
return status;
}
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
//Store the session information under the correspoding source enlave id key
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
return status;
}
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
sgx_dh_msg2_t *dh_msg2,
sgx_dh_msg3_t *dh_msg3,
uint32_t session_id)
{
sgx_key_128bit_t dh_aek; // Session key
dh_session_t *session_info;
ATTESTATION_STATUS status = SUCCESS;
sgx_dh_session_t sgx_dh_session;
sgx_dh_session_enclave_identity_t initiator_identity;
if(!dh_msg2 || !dh_msg3)
{
return INVALID_PARAMETER_ERROR;
}
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
do
{
//Retreive the session information for the corresponding source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = &it->second;
}
else
{
status = INVALID_SESSION;
break;
}
if(session_info->status != IN_PROGRESS)
{
status = INVALID_SESSION;
break;
}
memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
dh_msg3->msg3_body.additional_prop_length = 0;
//Process message 2 from source enclave and obtain message 3
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
dh_msg3,
&sgx_dh_session,
&dh_aek,
&initiator_identity);
if(SGX_SUCCESS != se_ret)
{
status = se_ret;
break;
}
//Verify source enclave's trust
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
{
return INVALID_SESSION;
}
//save the session ID, status and initialize the session nonce
session_info->session_id = session_id;
session_info->status = ACTIVE;
session_info->active.counter = 0;
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
g_session_count++;
}while(0);
if(status != SUCCESS)
{
end_session(src_enclave_id);
}
return status;
}
//Request for the response size, send the request message to the destination enclave and receive the response message back
ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id,
dh_session_t *session_info,
char *inp_buff,
size_t inp_buff_len,
size_t max_out_buff_size,
char **out_buff,
size_t* out_buff_len)
{
const uint8_t* plaintext;
uint32_t plaintext_length;
sgx_status_t status;
uint32_t retstatus;
secure_message_t* req_message;
secure_message_t* resp_message;
uint8_t *decrypted_data;
uint32_t decrypted_data_length;
uint32_t plain_text_offset;
uint8_t l_tag[TAG_SIZE];
size_t max_resp_message_length;
plaintext = (const uint8_t*)(" ");
plaintext_length = 0;
if(!session_info || !inp_buff)
{
return INVALID_PARAMETER_ERROR;
}
//Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
if(session_info->active.counter == ((uint32_t) - 2))
{
close_session(src_enclave_id, dest_enclave_id);
create_session(src_enclave_id, dest_enclave_id, session_info);
}
//Allocate memory for the AES-GCM request message
req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
if(!req_message)
{
return MALLOC_ERROR;
}
memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
//Set the payload size to data to encrypt length
req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
//Use the session nonce as the payload IV
memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
//Set the session ID of the message to the current session id
req_message->session_id = session_info->session_id;
//Prepare the request message with the encrypted payload
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
&(req_message->message_aes_gcm_data.payload_tag));
if(SGX_SUCCESS != status)
{
SAFE_FREE(req_message);
return status;
}
//Allocate memory for the response payload to be copied
*out_buff = (char*)malloc(max_out_buff_size);
if(!*out_buff)
{
SAFE_FREE(req_message);
return MALLOC_ERROR;
}
memset(*out_buff, 0, max_out_buff_size);
//Allocate memory for the response message
resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
if(!resp_message)
{
SAFE_FREE(req_message);
return MALLOC_ERROR;
}
memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
//Ocall to send the request to the Destination Enclave and get the response message back
status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
(sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return ((ATTESTATION_STATUS)retstatus);
}
}
else
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return ATTESTATION_SE_ERROR;
}
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
if(sizeof(resp_message) > max_resp_message_length)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return INVALID_PARAMETER_ERROR;
}
//Code to process the response message from the Destination Enclave
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
plain_text_offset = decrypted_data_length;
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
if(!decrypted_data)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return MALLOC_ERROR;
}
memset(&l_tag, 0, 16);
memset(decrypted_data, 0, decrypted_data_length);
//Decrypt the response message payload
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
decrypted_data_length, decrypted_data,
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
&resp_message->message_aes_gcm_data.payload_tag);
if(SGX_SUCCESS != status)
{
SAFE_FREE(req_message);
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_message);
return status;
}
// Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
SAFE_FREE(decrypted_data);
return INVALID_PARAMETER_ERROR;
}
//Update the value of the session nonce in the source enclave
session_info->active.counter = session_info->active.counter + 1;
memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
memcpy(*out_buff, decrypted_data, decrypted_data_length);
SAFE_FREE(decrypted_data);
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return SUCCESS;
}
//Process the request from the Source enclave and send the response message back to the Source enclave
ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
secure_message_t* req_message,
size_t req_message_size,
size_t max_payload_size,
secure_message_t* resp_message,
size_t resp_message_size)
{
const uint8_t* plaintext;
uint32_t plaintext_length;
uint8_t *decrypted_data;
uint32_t decrypted_data_length;
uint32_t plain_text_offset;
ms_in_msg_exchange_t * ms;
size_t resp_data_length;
size_t resp_message_calc_size;
char* resp_data;
uint8_t l_tag[TAG_SIZE];
size_t header_size, expected_payload_size;
dh_session_t *session_info;
secure_message_t* temp_resp_message;
uint32_t ret;
sgx_status_t status;
plaintext = (const uint8_t*)(" ");
plaintext_length = 0;
if(!req_message || !resp_message)
{
return INVALID_PARAMETER_ERROR;
}
//Get the session information from the map corresponding to the source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = &it->second;
}
else
{
return INVALID_SESSION;
}
if(session_info->status != ACTIVE)
{
return INVALID_SESSION;
}
//Set the decrypted data length to the payload size obtained from the message
decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
header_size = sizeof(secure_message_t);
expected_payload_size = req_message_size - header_size;
//Verify the size of the payload
if(expected_payload_size != decrypted_data_length)
return INVALID_PARAMETER_ERROR;
memset(&l_tag, 0, 16);
plain_text_offset = decrypted_data_length;
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
if(!decrypted_data)
{
return MALLOC_ERROR;
}
memset(decrypted_data, 0, decrypted_data_length);
//Decrypt the request message payload from source enclave
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
decrypted_data_length, decrypted_data,
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
&req_message->message_aes_gcm_data.payload_tag);
if(SGX_SUCCESS != status)
{
SAFE_FREE(decrypted_data);
return status;
}
//Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
ms = (ms_in_msg_exchange_t *)decrypted_data;
// Verify if the nonce obtained in the request is equal to the session nonce
if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
{
SAFE_FREE(decrypted_data);
return INVALID_PARAMETER_ERROR;
}
if(ms->msg_type == MESSAGE_EXCHANGE)
{
//Call the generic secret response generator for message exchange
ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
if(ret !=0)
{
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
return INVALID_SESSION;
}
}
else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
{
//Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
if(ret !=0)
{
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
return INVALID_SESSION;
}
}
else
{
SAFE_FREE(decrypted_data);
return INVALID_REQUEST_TYPE_ERROR;
}
if(resp_data_length > max_payload_size)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return OUT_BUFFER_LENGTH_ERROR;
}
resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
if(resp_message_calc_size > resp_message_size)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return OUT_BUFFER_LENGTH_ERROR;
}
//Code to build the response back to the Source Enclave
temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
if(!temp_resp_message)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return MALLOC_ERROR;
}
memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
temp_resp_message->session_id = session_info->session_id;
temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
//Increment the Session Nonce (Replay Protection)
session_info->active.counter = session_info->active.counter + 1;
//Set the response nonce as the session nonce
memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
//Prepare the response message with the encrypted payload
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
&(temp_resp_message->message_aes_gcm_data.payload_tag));
if(SGX_SUCCESS != status)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
SAFE_FREE(temp_resp_message);
return status;
}
memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
SAFE_FREE(temp_resp_message);
return SUCCESS;
}
//Close a current session
ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
sgx_status_t status;
uint32_t retstatus;
//Ocall to ask the destination enclave to end the session
status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
return SUCCESS;
}
//Respond to the request from the Source Enclave to close the session
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
{
ATTESTATION_STATUS status = SUCCESS;
int i;
dh_session_t session_info;
uint32_t session_id;
//Get the session information from the map corresponding to the source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = it->second;
}
else
{
return INVALID_SESSION;
}
session_id = session_info.session_id;
//Erase the session information for the current session
g_dest_session_info_map.erase(src_enclave_id);
//Update the session id tracker
if (g_session_count > 0)
{
//check if session exists
for (i=1; i <= MAX_SESSION_COUNT; i++)
{
if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
{
memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
SAFE_FREE(g_session_id_tracker[i-1]);
g_session_count--;
break;
}
}
}
return status;
}
//Returns a new sessionID for the source destination session
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
{
ATTESTATION_STATUS status = SUCCESS;
if(!session_id)
{
return INVALID_PARAMETER_ERROR;
}
//if the session structure is untintialized, set that as the next session ID
for (int i = 0; i < MAX_SESSION_COUNT; i++)
{
if (g_session_id_tracker[i] == NULL)
{
*session_id = i;
return status;
}
}
status = NO_AVAILABLE_SESSION_ERROR;
return status;
}

54
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.h
View file

@ -1,54 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "datatypes.h"
#include "sgx_eid.h"
#include "sgx_trts.h"
#include <map>
#include "dh_session_protocol.h"
#ifndef LOCALATTESTATION_H_
#define LOCALATTESTATION_H_
#ifdef __cplusplus
extern "C" {
#endif
uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
#ifdef __cplusplus
}
#endif
#endif

50
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/LocalAttestationCode.edl
View file

@ -1,50 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
include "datatypes.h"
include "../Include/dh_session_protocol.h"
trusted{
public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
public uint32_t end_session(sgx_enclave_id_t src_enclave_id);
};
untrusted{
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id);
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
void ocall_print_string([in, string] const char *str);
};
};

105
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/datatypes.h
View file

@ -1,105 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_report.h"
#include "sgx_eid.h"
#include "sgx_ecp_types.h"
#include "sgx_dh.h"
#include "sgx_tseal.h"
#ifndef DATATYPES_H_
#define DATATYPES_H_
#define DH_KEY_SIZE 20
#define NONCE_SIZE 16
#define MAC_SIZE 16
#define MAC_KEY_SIZE 16
#define PADDING_SIZE 16
#define TAG_SIZE 16
#define IV_SIZE 12
#define DERIVE_MAC_KEY 0x0
#define DERIVE_SESSION_KEY 0x1
#define DERIVE_VK1_KEY 0x3
#define DERIVE_VK2_KEY 0x4
#define CLOSED 0x0
#define IN_PROGRESS 0x1
#define ACTIVE 0x2
#define MESSAGE_EXCHANGE 0x0
#define ENCLAVE_TO_ENCLAVE_CALL 0x1
#define INVALID_ARGUMENT -2 ///< Invalid function argument
#define LOGIC_ERROR -3 ///< Functional logic error
#define FILE_NOT_FOUND -4 ///< File not found
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB
typedef uint8_t dh_nonce[NONCE_SIZE];
typedef uint8_t cmac_128[MAC_SIZE];
#pragma pack(push, 1)
//Format of the AES-GCM message being exchanged between the source and the destination enclaves
typedef struct _secure_message_t
{
uint32_t session_id; //Session ID identifyting the session to which the message belongs
sgx_aes_gcm_data_t message_aes_gcm_data;
}secure_message_t;
//Format of the input function parameter structure
typedef struct _ms_in_msg_exchange_t {
uint32_t msg_type; //Type of Call E2E or general message exchange
uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
uint32_t inparam_buff_len; //Length of the serialized input parameters
char inparam_buff[]; //Serialized input parameters
} ms_in_msg_exchange_t;
//Format of the return value and output function parameter structure
typedef struct _ms_out_msg_exchange_t {
uint32_t retval_len; //Length of the return value
uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
char ret_outparam_buff[]; //Serialized return value and output parameters
} ms_out_msg_exchange_t;
//Session Tracker to generate session ids
typedef struct _session_id_tracker_t
{
uint32_t session_id;
}session_id_tracker_t;
#pragma pack(pop)
#endif

53
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/error_codes.h
View file

@ -1,53 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef ERROR_CODES_H_
#define ERROR_CODES_H_
typedef uint32_t ATTESTATION_STATUS;
#define SUCCESS 0x00
#define INVALID_PARAMETER 0xE1
#define VALID_SESSION 0xE2
#define INVALID_SESSION 0xE3
#define ATTESTATION_ERROR 0xE4
#define ATTESTATION_SE_ERROR 0xE5
#define IPP_ERROR 0xE6
#define NO_AVAILABLE_SESSION_ERROR 0xE7
#define MALLOC_ERROR 0xE8
#define ERROR_TAG_MISMATCH 0xE9
#define OUT_BUFFER_LENGTH_ERROR 0xEA
#define INVALID_REQUEST_TYPE_ERROR 0xEB
#define INVALID_PARAMETER_ERROR 0xEC
#define ENCLAVE_TRUST_ERROR 0xED
#define ENCRYPT_DECRYPT_ERROR 0xEE
#define DUPLICATE_SESSION 0xEF
#endif

346
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Makefile
View file

@ -1,346 +0,0 @@
#
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= HW
SGX_ARCH ?= x64
SGX_DEBUG ?= 1
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## Library Settings ########
Trust_Lib_Name := libLocalAttestation_Trusted.a
TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths)
TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++
UnTrustLib_Name := libLocalAttestation_unTrusted.a
UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := $(wildcard App/*.cpp)
App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Enclave Settings ########
Enclave1_Version_Script := Enclave1/Enclave1.lds
Enclave2_Version_Script := Enclave2/Enclave2.lds
Enclave3_Version_Script := Enclave3/Enclave3.lds
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp)
Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp)
Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp)
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
ifeq ($(CC_BELOW_4_9), 1)
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
else
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
endif
Enclave_Compile_Flags += $(Enclave_Include_Paths)
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
# so that the whole content of trts is included in the enclave.
# 2. For other libraries, you just need to pull the required symbols.
# Use `--start-group' and `--end-group' to link these libraries.
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
# Otherwise, you may get some undesirable errors.
Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script)
Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script)
Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script)
Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o)
Enclave_Name_1 := libenclave1.so
Enclave_Name_2 := libenclave2.so
Enclave_Name_3 := libenclave3.so
ifeq ($(SGX_MODE), HW)
ifeq ($(SGX_DEBUG), 1)
Build_Mode = HW_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_PRERELEASE
else
Build_Mode = HW_RELEASE
endif
else
ifeq ($(SGX_DEBUG), 1)
Build_Mode = SIM_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
Build_Mode = SIM_PRERELEASE
else
Build_Mode = SIM_RELEASE
endif
endif
ifeq ($(Build_Mode), HW_RELEASE)
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclaves use the following commands:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
@echo "You can also sign the enclaves using an external signing tool."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
ifeq ($(Build_Mode), HW_DEBUG)
@echo "The project has been built in debug hardware mode."
else ifeq ($(Build_Mode), SIM_DEBUG)
@echo "The project has been built in debug simulation mode."
else ifeq ($(Build_Mode), HW_PRERELEASE)
@echo "The project has been built in pre-release hardware mode."
else ifeq ($(Build_Mode), SIM_PRERELEASE)
@echo "The project has been built in pre-release simulation mode."
else
@echo "The project has been built in release simulation mode."
endif
endif
.config_$(Build_Mode)_$(SGX_ARCH):
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
@touch .config_$(Build_Mode)_$(SGX_ARCH)
######## Library Objects ########
LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
@echo "CC <= $<"
$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
@$(AR) rcs $@ $^
@echo "GEN => $@"
Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
@$(AR) rcs $@ $^
@echo "GEN => $@"
######## App Objects ########
Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave1_u.o: Enclave1/Enclave1_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave2_u.o: Enclave2/Enclave2_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave3_u.o: Enclave3/Enclave3_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h
@$(CXX) $(App_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_1): Enclave1.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml
@echo "SIGN => $@"
Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave2/%.o: Enclave2/%.cpp
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_2): Enclave2.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml
@echo "SIGN => $@"
Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave3/%.o: Enclave3/%.cpp
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_3): Enclave3.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml
@echo "SIGN => $@"
######## Clean ########
.PHONY: clean
clean:
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*

29
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/README.txt
View file

@ -1,29 +0,0 @@
---------------------------
Purpose of LocalAttestation
---------------------------
The project demonstrates:
- How to establish a protected channel
- Secret message exchange using enclave to enclave function calls
------------------------------------
How to Build/Execute the Sample Code
------------------------------------
1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS
2. Make sure your environment is set:
$ source ${sgx-sdk-install-path}/environment
3. Build the project with the prepared Makefile:
a. Hardware Mode, Debug build:
$ make
b. Hardware Mode, Pre-release build:
$ make SGX_PRERELEASE=1 SGX_DEBUG=0
c. Hardware Mode, Release build:
$ make SGX_DEBUG=0
d. Simulation Mode, Debug build:
$ make SGX_MODE=SIM
e. Simulation Mode, Pre-release build:
$ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0
f. Simulation Mode, Release build:
$ make SGX_MODE=SIM SGX_DEBUG=0
4. Execute the binary directly:
$ ./app
5. Remember to "make clean" before switching build mode

194
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp
View file

@ -1,194 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "error_codes.h"
#include "datatypes.h"
#include "sgx_urts.h"
#include "UntrustedEnclaveMessageExchange.h"
#include "sgx_dh.h"
#include <map>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
//Makes an sgx_ecall to the destination enclave to get session id and message1
ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
// wait for Enclave2 to fill msg1
printf("[OCALL IPC] Waiting for Enclave2 to generate SessionID and message1...\n");
sleep(5);
printf("[OCALL IPC] SessionID and message1 should be ready\n");
// for session id
printf("[OCALL IPC] Retriving SessionID from shared memory\n");
key_t key_session_id = ftok("../..", 3);
int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT);
uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0);
memcpy(session_id, tmp_session_id, sizeof(uint32_t));
shmdt(tmp_session_id);
// for msg1
printf("[OCALL IPC] Retriving message1 from shared memory\n");
key_t key_msg1 = ftok("../..", 2);
int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT);
sgx_dh_msg1_t *tmp_msg1 = (sgx_dh_msg1_t*)shmat(shmid_msg1, (void*)0, 0);
memcpy(dh_msg1, tmp_msg1, sizeof(sgx_dh_msg1_t));
shmdt(tmp_msg1);
ret = SGX_SUCCESS;
if (ret == SGX_SUCCESS)
return SUCCESS;
else
return INVALID_SESSION;
}
//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave
ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
// for msg2 (filled by Enclave1)
printf("[OCALL IPC] Passing message2 to shared memory for Enclave2\n");
key_t key_msg2 = ftok("../..", 4);
int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT);
sgx_dh_msg2_t *tmp_msg2 = (sgx_dh_msg2_t*)shmat(shmid_msg2, (void*)0, 0);
memcpy(tmp_msg2, dh_msg2, sizeof(sgx_dh_msg2_t));
shmdt(tmp_msg2);
// wait for Enclave2 to process msg2
printf("[OCALL IPC] Waiting for Enclave2 to process message2 and generate message3...\n");
sleep(5);
// retrieve msg3 (filled by Enclave2)
printf("[OCALL IPC] Message3 should be ready\n");
printf("[OCALL IPC] Retrieving message3 from shared memory\n");
key_t key_msg3 = ftok("../..", 5);
int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT);
sgx_dh_msg3_t *tmp_msg3 = (sgx_dh_msg3_t*)shmat(shmid_msg3, (void*)0, 0);
memcpy(dh_msg3, tmp_msg3, sizeof(sgx_dh_msg3_t));
shmdt(tmp_msg3);
ret = SGX_SUCCESS;
if (ret == SGX_SUCCESS)
return SUCCESS;
else
return INVALID_SESSION;
}
//Make an sgx_ecall to the destination enclave function that generates the actual response
ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
case 2:
ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
case 3:
ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
//Make an sgx_ecall to the destination enclave to close the session
ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id);
break;
case 2:
ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id);
break;
case 3:
ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
void ocall_print_string(const char *str)
{
printf("%s", str);
}

74
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h
View file

@ -1,74 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "error_codes.h"
#include "datatypes.h"
#include "sgx_urts.h"
#include "dh_session_protocol.h"
#include "sgx_dh.h"
#include <cstddef>
#ifndef ULOCALATTESTATION_H_
#define ULOCALATTESTATION_H_
#ifdef __cplusplus
extern "C" {
#endif
sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
void ocall_print_string(const char *str);
#ifdef __cplusplus
}
#endif
#endif

216
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.cproject
View file

@ -1,216 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation Debug">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug" parent="com.intel.sgx.configuration.Sim.Debug">
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.935873960" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.2132595457" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1678491512" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.229166714" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
<tool id="com.intel.sgx.compiler.81269967" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1694375039" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.742388855" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation" parent="com.intel.sgx.configuration.Sim.Release">
<folderInfo id="com.intel.sgx.configuration.Sim.Release.428839196" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Release.709775329" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1866379479" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1000705250" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
<tool id="com.intel.sgx.compiler.301453474" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1312096753" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.596141238" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Debug">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug" parent="com.intel.sgx.configuration.HW.Debug">
<folderInfo id="com.intel.sgx.configuration.HW.Debug.562917509" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Debug.2046051538" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.999277922" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.577701014" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
<tool id="com.intel.sgx.compiler.1898704176" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1026657138" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.393162412" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Prerelease">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease" parent="com.intel.sgx.configuration.HW.Prerelease">
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.2074448686" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.2016152654" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Prerelease">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1520324017" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.293910513" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
<tool id="com.intel.sgx.compiler.845441552" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.199398937" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.1555926498" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Release">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release" parent="com.intel.sgx.configuration.HW.Release">
<folderInfo id="com.intel.sgx.configuration.HW.Release.1347223665" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Release.1050674831" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.987781695" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.484951388" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
<tool id="com.intel.sgx.compiler.945246695" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.119487102" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="&quot;${SGX_SDK}/include&quot;"/>
</option>
<inputType id="com.intel.sgx.inputType.593431891" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="LocalAttestation.cdt.managedbuild.target.gnu.exe.872917958" name="Executable" projectType="cdt.managedbuild.target.gnu.exe"/>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="refreshScope" versionNumber="2">
<configuration configurationName="Intel(R) SGX Hardware Debug">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Simulation Debug">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Hardware Prerelease">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Simulation">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
<configuration configurationName="Intel(R) SGX Hardware Release">
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
</configuration>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1347223665;com.intel.sgx.compiler.945246695;com.intel.sgx.inputType.593431891">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.935873960;com.intel.sgx.compiler.81269967;com.intel.sgx.inputType.742388855">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.428839196;com.intel.sgx.compiler.301453474;com.intel.sgx.inputType.596141238">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1609650460;cdt.managedbuild.config.gnu.exe.debug.1609650460.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1644119147;cdt.managedbuild.tool.gnu.c.compiler.input.938348551">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1394873887;cdt.managedbuild.config.gnu.exe.release.1394873887.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2035356548;cdt.managedbuild.tool.gnu.c.compiler.input.793813290">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.562917509;com.intel.sgx.compiler.1898704176;com.intel.sgx.inputType.393162412">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.2074448686;com.intel.sgx.compiler.845441552;com.intel.sgx.inputType.1555926498">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
</cproject>

28
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.project
View file

@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>LocalAttestation</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>com.intel.sgx.sgxnature</nature>
</natures>
</projectDescription>

73
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.settings/language.settings.xml
View file

@ -1,73 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<project>
<configuration id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
<configuration id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release">
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
<resource project-relative-path="">
<entry kind="includePath" name="${SGX_SDK}/include">
<flag value="LOCAL"/>
</entry>
</resource>
</provider>
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
</extension>
</configuration>
</project>

151
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/App/App.cpp
View file

@ -1,151 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// App.cpp : Defines the entry point for the console application.
#include <stdio.h>
#include <map>
#include "../Enclave1/Enclave1_u.h"
#include "../Enclave2/Enclave2_u.h"
#include "../Enclave3/Enclave3_u.h"
#include "sgx_eid.h"
#include "sgx_urts.h"
#define __STDC_FORMAT_MACROS
#include <inttypes.h>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <unistd.h>
#define UNUSED(val) (void)(val)
#define TCHAR char
#define _TCHAR char
#define _T(str) str
#define scanf_s scanf
#define _tmain main
extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
sgx_enclave_id_t e1_enclave_id = 0;
sgx_enclave_id_t e2_enclave_id = 0;
sgx_enclave_id_t e3_enclave_id = 0;
#define ENCLAVE1_PATH "libenclave1.so"
#define ENCLAVE2_PATH "libenclave2.so"
#define ENCLAVE3_PATH "libenclave3.so"
void waitForKeyPress()
{
char ch;
int temp;
printf("\n\nHit a key....\n");
temp = scanf_s("%c", &ch);
}
uint32_t load_enclaves()
{
uint32_t enclave_temp_no;
int ret, launch_token_updated;
sgx_launch_token_t launch_token;
enclave_temp_no = 0;
ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
if (ret != SGX_SUCCESS) {
return ret;
}
enclave_temp_no++;
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));
return SGX_SUCCESS;
}
int _tmain(int argc, _TCHAR* argv[])
{
uint32_t ret_status;
sgx_status_t status;
UNUSED(argc);
UNUSED(argv);
if(load_enclaves() != SGX_SUCCESS)
{
printf("\nLoad Enclave Failure");
}
//printf("\nAvailable Enclaves");
//printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id);
// shared memory between Enlave1 and Enclave2 to pass data
key_t key = ftok("../..", 1);
int shmid = shmget(key, 1024, 0666 | IPC_CREAT);
char *str = (char*)shmat(shmid, (void*)0, 0);
printf("[TEST IPC] Receiving from Enclave1: %s", str);
shmdt(str);
shmctl(shmid, IPC_RMID, NULL);
do
{
printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n");
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0);
if (status!=SGX_SUCCESS)
{
printf("[END] test_create_session Ecall failed: Error code is %x\n", status);
break;
}
else
{
if(ret_status==0)
{
printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n");
}
else
{
printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status);
break;
}
}
#pragma warning (push)
#pragma warning (disable : 4127)
}while(0);
#pragma warning (pop)
sgx_destroy_enclave(e1_enclave_id);
waitForKeyPress();
return 0;
}

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.config.xml
View file

@ -1,12 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

367
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.cpp
View file

@ -1,367 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave1.cpp : Defines the exported functions for the .so application
#include "sgx_eid.h"
#include "Enclave1_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E1.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e1_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t var1,var2;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
var1 = 0x4;
var2 = 0x5;
target_fn_id = 0;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
max_out_buff_size = 50;
//Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id of Enclave2 passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the return value and output parameters from foo1 of Enclave 2
ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the secret data into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatcher function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
{
if(!p_struct_var)
{
return INVALID_PARAMETER_ERROR;
}
(p_struct_var->var1)++;
(p_struct_var->var2)++;
(p_struct_var->p_internal_struct->ivar1)++;
(p_struct_var->p_internal_struct->ivar2)++;
return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
}
//Function which is executed on request from the source enclave
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t ret;
size_t len_data, len_ptr_data;
external_param_struct_t *p_struct_var;
internal_param_struct_t internal_struct_var;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
if(!p_struct_var)
return MALLOC_ERROR;
p_struct_var->p_internal_struct = &internal_struct_var;
if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
{
SAFE_FREE(p_struct_var);
return ATTESTATION_ERROR;
}
ret = e1_foo1(p_struct_var);
len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
len_ptr_data = sizeof(internal_struct_var);
if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return MALLOC_ERROR;
}
SAFE_FREE(p_struct_var);
return SUCCESS;
}

43
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.edl
View file

@ -1,43 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

10
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.lds
View file

@ -1,10 +0,0 @@
Enclave1.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
g_peak_heap_used;
local:
*;
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0
c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf
RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx
YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ
oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni
U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP
RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/
Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ
5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa
brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy
d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB
3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR
YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN
Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy
/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex
4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme
KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/
gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI
4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i
tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb
9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux
EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe
bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3
OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde
rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg
OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ
cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw
gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx
E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW
h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi
qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg
1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P
cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2
Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp
teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx
SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa
mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te
-----END RSA PRIVATE KEY-----

222
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.cpp
View file

@ -1,222 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E1.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
param_len = sizeof(var1)+sizeof(var2);
temp_buff = (char*)malloc(param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff,&var1,sizeof(var1));
memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2));
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
return MALLOC_ERROR;
memcpy(*retval, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!pstruct || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2)))
return ATTESTATION_ERROR;
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1));
memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2));
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data)
{
ms_out_msg_exchange_t *ms;
size_t param_len, ms_len, ret_param_len;;
char *temp_buff;
int* addr;
char* struct_data;
size_t retval_len;
if(!resp_length || !p_struct_var)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
struct_data = (char*)p_struct_var;
param_len = len_data + len_ptr_data;
ret_param_len = param_len + retval_len;
addr = *(int **)(struct_data + len_data);
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
memcpy(temp_buff + sizeof(retval), struct_data, len_data);
memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data);
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

65
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.h
View file

@ -1,65 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E1_H__
#define UTILITY_E1_H__
#include "stdint.h"
typedef struct _internal_param_struct_t
{
uint32_t ivar1;
uint32_t ivar2;
}internal_param_struct_t;
typedef struct _external_param_struct_t
{
uint32_t var1;
uint32_t var2;
internal_param_struct_t *p_internal_struct;
}external_param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval);
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.config.xml
View file

@ -1,12 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

339
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.cpp
View file

@ -1,339 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave2.cpp : Defines the exported functions for the DLL application
#include "sgx_eid.h"
#include "Enclave2_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E2.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e2_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
if(ke_status == SUCCESS)
{
//Insert the session information into the map under the corresponding destination enclave id
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
}
memset(&dest_session_info, 0, sizeof(dh_session_t));
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
param_struct_t *p_struct_var, struct_var;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
max_out_buff_size = 50;
target_fn_id = 0;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
struct_var.var1 = 0x3;
struct_var.var2 = 0x4;
p_struct_var = &struct_var;
//Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the return value and output parameters from foo1 of Enclave3
ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the secret data into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatch function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
{
return(var1 + var2);
}
//Function which is executed on request from the source enclave
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t var1,var2,ret;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
return ATTESTATION_ERROR;
ret = e2_foo1(var1, var2);
if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
return MALLOC_ERROR; //can set resp buffer to null here
return SUCCESS;
}

43
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.edl
View file

@ -1,43 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

10
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.lds
View file

@ -1,10 +0,0 @@
Enclave2.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
g_peak_heap_used;
local:
*;
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----

213
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.cpp
View file

@ -1,213 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E2.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
if(!p_struct_var || !marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
param_len = sizeof(param_struct_t);
temp_buff = (char*)malloc(param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
{
return MALLOC_ERROR;
}
memcpy(*retval, ms->ret_outparam_buff, retval_len);
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!var1 || !var2 || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(*var1) + sizeof(*var2)))
return ATTESTATION_ERROR;
memcpy(var1, buff, sizeof(*var1));
memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
{
ms_out_msg_exchange_t *ms;
size_t ret_param_len, ms_len;
char *temp_buff;
size_t retval_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
ret_param_len = retval_len; //no out parameters
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

59
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.h
View file

@ -1,59 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E2_H__
#define UTILITY_E2_H__
#include "stdint.h"
typedef struct _param_struct_t
{
uint32_t var1;
uint32_t var2;
}param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

12
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.config.xml
View file

@ -1,12 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

366
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.cpp
View file

@ -1,366 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave3.cpp : Defines the exported functions for the DLL application
#include "sgx_eid.h"
#include "Enclave3_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E3.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e3_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
if(ke_status == SUCCESS)
{
//Insert the session information into the map under the corresponding destination enclave id
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
}
memset(&dest_session_info, 0, sizeof(dh_session_t));
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
external_param_struct_t *p_struct_var, struct_var;
internal_param_struct_t internal_struct_var;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
max_out_buff_size = 50;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
target_fn_id = 0;
internal_struct_var.ivar1 = 0x5;
internal_struct_var.ivar2 = 0x6;
struct_var.var1 = 0x3;
struct_var.var2 = 0x4;
struct_var.p_internal_struct = &internal_struct_var;
p_struct_var = &struct_var;
size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct);
size_t len_ptr_data = sizeof(internal_struct_var);
//Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer
ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data,
len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info,
marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
////Un-marshal the return value and output parameters from foo1 of Enclave1
ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the parameters into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatch function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e3_foo1(param_struct_t *p_struct_var)
{
if(!p_struct_var)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var->var1++;
p_struct_var->var2++;
return(p_struct_var->var1 * p_struct_var->var2);
}
//Function which is executed on request from the source enclave
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t ret;
param_struct_t *p_struct_var;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t));
if(!p_struct_var)
return MALLOC_ERROR;
if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return ATTESTATION_ERROR;
}
ret = e3_foo1(p_struct_var);
if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return MALLOC_ERROR;
}
SAFE_FREE(p_struct_var);
return SUCCESS;
}

42
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.edl
View file

@ -1,42 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

10
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.lds
View file

@ -1,10 +0,0 @@
Enclave3.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
g_peak_heap_used;
local:
*;
};

39
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3_private.pem
View file

@ -1,39 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
-----END RSA PRIVATE KEY-----

223
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.cpp
View file

@ -1,223 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E3.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
int* addr;
char* struct_data;
if(!p_struct_var || !marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
struct_data = (char*)p_struct_var;
temp_buff = (char*)malloc(len_data + len_ptr_data);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, struct_data, len_data);
addr = *(int **)(struct_data + len_data);
memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized
param_len = len_data + len_ptr_data;
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var)
{
ms_out_msg_exchange_t *ms;
size_t ret_param_len, ms_len;
char *temp_buff;
size_t retval_len;
if(!resp_length || !p_struct_var)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
ret_param_len = sizeof(retval) + sizeof(param_struct_t);
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t));
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!pstruct || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2)))
return ATTESTATION_ERROR;
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff || !p_struct_var)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
{
return MALLOC_ERROR;
}
memcpy(*retval, ms->ret_outparam_buff, retval_len);
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1));
memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2));
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

73
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.h
View file

@ -1,73 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E3_H__
#define UTILITY_E3_H__
#include "stdint.h"
typedef struct _internal_param_struct_t
{
uint32_t ivar1;
uint32_t ivar2;
}internal_param_struct_t;
typedef struct _external_param_struct_t
{
uint32_t var1;
uint32_t var2;
internal_param_struct_t *p_internal_struct;
}external_param_struct_t;
typedef struct _param_struct_t
{
uint32_t var1;
uint32_t var2;
}param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval);
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

68
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Include/dh_session_protocol.h
View file

@ -1,68 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _DH_SESSION_PROROCOL_H
#define _DH_SESSION_PROROCOL_H
#include "sgx_ecp_types.h"
#include "sgx_key.h"
#include "sgx_report.h"
#include "sgx_attributes.h"
#define NONCE_SIZE 16
#define MAC_SIZE 16
#define MSG_BUF_LEN sizeof(ec_pub_t)*2
#define MSG_HASH_SZ 32
//Session information structure
typedef struct _la_dh_session_t
{
uint32_t session_id; //Identifies the current session
uint32_t status; //Indicates session is in progress, active or closed
union
{
struct
{
sgx_dh_session_t dh_session;
}in_progress;
struct
{
sgx_key_128bit_t AEK; //Session Key
uint32_t counter; //Used to store Message Sequence Number
}active;
};
} dh_session_t;
#endif

760
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.cpp
View file

@ -1,760 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_trts.h"
#include "sgx_utils.h"
#include "EnclaveMessageExchange.h"
#include "sgx_eid.h"
#include "error_codes.h"
#include "sgx_ecp_types.h"
#include "sgx_thread.h"
#include <map>
#include "dh_session_protocol.h"
#include "sgx_dh.h"
#include "sgx_tcrypto.h"
#include "LocalAttestationCode_t.h"
#ifdef __cplusplus
extern "C" {
#endif
uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
#ifdef __cplusplus
}
#endif
#define MAX_SESSION_COUNT 16
//number of open sessions
uint32_t g_session_count = 0;
ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
//Array of open session ids
session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
//Map between the source enclave id and the session information associated with that particular session
std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
//Create a session with the destination enclave
ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id,
dh_session_t *session_info)
{
ocall_print_string("[ECALL] create_session()\n");
sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
sgx_key_128bit_t dh_aek; // Session Key
sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
uint32_t session_id;
uint32_t retstatus;
sgx_status_t status = SGX_SUCCESS;
sgx_dh_session_t sgx_dh_session;
sgx_dh_session_enclave_identity_t responder_identity;
// for exchange report
// ATTESTATION_STATUS status = SUCCESS;
sgx_dh_session_enclave_identity_t initiator_identity;
if(!session_info)
{
return INVALID_PARAMETER_ERROR;
}
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
memset(session_info, 0, sizeof(dh_session_t));
//Intialize the session as a session responder
ocall_print_string("[ECALL] Initializing the session as session responder...\n");
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//get a new SessionID
ocall_print_string("[ECALL] Getting a new SessionID\n");
if ((status = (sgx_status_t)generate_session_id(&session_id)) != SUCCESS)
return status; //no more sessions available
//Allocate memory for the session id tracker
g_session_id_tracker[session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
if(!g_session_id_tracker[session_id])
{
return MALLOC_ERROR;
}
memset(g_session_id_tracker[session_id], 0, sizeof(session_id_tracker_t));
g_session_id_tracker[session_id]->session_id = session_id;
session_info->status = IN_PROGRESS;
//Generate Message1 that will be returned to Source Enclave
ocall_print_string("[ECALL] Generating message1 that will be passed to session initiator\n");
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)&dh_msg1, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
SAFE_FREE(g_session_id_tracker[session_id]);
return status;
}
memcpy(&session_info->in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
//Store the session information under the correspoding source enlave id key
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(0, *session_info));
// pass session id and msg1 to shared memory
// ocall_print_string("Entering session_request_ocall for IPC\n");
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
// starts report exchange
//first retrieve msg2 from initiator
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, NULL, session_id);
dh_msg3.msg3_body.additional_prop_length = 0;
//Process message 2 from source enclave and obtain message 3
ocall_print_string("[ECALL] Processing message2 from Enclave1(Initiator) and obtain message3\n");
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(&dh_msg2,
&dh_msg3,
&sgx_dh_session,
&dh_aek,
&initiator_identity);
if(SGX_SUCCESS != se_ret)
{
status = se_ret;
return status;
}
//Verify source enclave's trust
ocall_print_string("[ECALL] Verifying Enclave1(Initiator)'s trust\n");
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
{
return INVALID_SESSION;
}
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
return status;
}
//Handle the request from Source Enclave for a session
ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
sgx_dh_msg1_t *dh_msg1,
uint32_t *session_id )
{
ocall_print_string("Testing session_request()\n");
dh_session_t session_info;
sgx_dh_session_t sgx_dh_session;
sgx_status_t status = SGX_SUCCESS;
if(!session_id || !dh_msg1)
{
return INVALID_PARAMETER_ERROR;
}
//Intialize the session as a session responder
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//get a new SessionID
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
return status; //no more sessions available
//Allocate memory for the session id tracker
g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
if(!g_session_id_tracker[*session_id])
{
return MALLOC_ERROR;
}
memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
g_session_id_tracker[*session_id]->session_id = *session_id;
session_info.status = IN_PROGRESS;
//Generate Message1 that will be returned to Source Enclave
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
SAFE_FREE(g_session_id_tracker[*session_id]);
return status;
}
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
//Store the session information under the correspoding source enlave id key
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
return status;
}
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
sgx_dh_msg2_t *dh_msg2,
sgx_dh_msg3_t *dh_msg3,
uint32_t session_id)
{
sgx_key_128bit_t dh_aek; // Session key
dh_session_t *session_info;
ATTESTATION_STATUS status = SUCCESS;
sgx_dh_session_t sgx_dh_session;
sgx_dh_session_enclave_identity_t initiator_identity;
if(!dh_msg2 || !dh_msg3)
{
return INVALID_PARAMETER_ERROR;
}
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
do
{
//Retreive the session information for the corresponding source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = &it->second;
}
else
{
status = INVALID_SESSION;
break;
}
if(session_info->status != IN_PROGRESS)
{
status = INVALID_SESSION;
break;
}
memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
dh_msg3->msg3_body.additional_prop_length = 0;
//Process message 2 from source enclave and obtain message 3
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
dh_msg3,
&sgx_dh_session,
&dh_aek,
&initiator_identity);
if(SGX_SUCCESS != se_ret)
{
status = se_ret;
break;
}
//Verify source enclave's trust
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
{
return INVALID_SESSION;
}
//save the session ID, status and initialize the session nonce
session_info->session_id = session_id;
session_info->status = ACTIVE;
session_info->active.counter = 0;
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
g_session_count++;
}while(0);
if(status != SUCCESS)
{
end_session(src_enclave_id);
}
return status;
}
//Request for the response size, send the request message to the destination enclave and receive the response message back
ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id,
dh_session_t *session_info,
char *inp_buff,
size_t inp_buff_len,
size_t max_out_buff_size,
char **out_buff,
size_t* out_buff_len)
{
const uint8_t* plaintext;
uint32_t plaintext_length;
sgx_status_t status;
uint32_t retstatus;
secure_message_t* req_message;
secure_message_t* resp_message;
uint8_t *decrypted_data;
uint32_t decrypted_data_length;
uint32_t plain_text_offset;
uint8_t l_tag[TAG_SIZE];
size_t max_resp_message_length;
plaintext = (const uint8_t*)(" ");
plaintext_length = 0;
if(!session_info || !inp_buff)
{
return INVALID_PARAMETER_ERROR;
}
//Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
if(session_info->active.counter == ((uint32_t) - 2))
{
close_session(src_enclave_id, dest_enclave_id);
create_session(src_enclave_id, dest_enclave_id, session_info);
}
//Allocate memory for the AES-GCM request message
req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
if(!req_message)
{
return MALLOC_ERROR;
}
memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
//Set the payload size to data to encrypt length
req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
//Use the session nonce as the payload IV
memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
//Set the session ID of the message to the current session id
req_message->session_id = session_info->session_id;
//Prepare the request message with the encrypted payload
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
&(req_message->message_aes_gcm_data.payload_tag));
if(SGX_SUCCESS != status)
{
SAFE_FREE(req_message);
return status;
}
//Allocate memory for the response payload to be copied
*out_buff = (char*)malloc(max_out_buff_size);
if(!*out_buff)
{
SAFE_FREE(req_message);
return MALLOC_ERROR;
}
memset(*out_buff, 0, max_out_buff_size);
//Allocate memory for the response message
resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
if(!resp_message)
{
SAFE_FREE(req_message);
return MALLOC_ERROR;
}
memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
//Ocall to send the request to the Destination Enclave and get the response message back
status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
(sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return ((ATTESTATION_STATUS)retstatus);
}
}
else
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return ATTESTATION_SE_ERROR;
}
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
if(sizeof(resp_message) > max_resp_message_length)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return INVALID_PARAMETER_ERROR;
}
//Code to process the response message from the Destination Enclave
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
plain_text_offset = decrypted_data_length;
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
if(!decrypted_data)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return MALLOC_ERROR;
}
memset(&l_tag, 0, 16);
memset(decrypted_data, 0, decrypted_data_length);
//Decrypt the response message payload
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
decrypted_data_length, decrypted_data,
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
&resp_message->message_aes_gcm_data.payload_tag);
if(SGX_SUCCESS != status)
{
SAFE_FREE(req_message);
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_message);
return status;
}
// Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
SAFE_FREE(decrypted_data);
return INVALID_PARAMETER_ERROR;
}
//Update the value of the session nonce in the source enclave
session_info->active.counter = session_info->active.counter + 1;
memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
memcpy(*out_buff, decrypted_data, decrypted_data_length);
SAFE_FREE(decrypted_data);
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return SUCCESS;
}
//Process the request from the Source enclave and send the response message back to the Source enclave
ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
secure_message_t* req_message,
size_t req_message_size,
size_t max_payload_size,
secure_message_t* resp_message,
size_t resp_message_size)
{
const uint8_t* plaintext;
uint32_t plaintext_length;
uint8_t *decrypted_data;
uint32_t decrypted_data_length;
uint32_t plain_text_offset;
ms_in_msg_exchange_t * ms;
size_t resp_data_length;
size_t resp_message_calc_size;
char* resp_data;
uint8_t l_tag[TAG_SIZE];
size_t header_size, expected_payload_size;
dh_session_t *session_info;
secure_message_t* temp_resp_message;
uint32_t ret;
sgx_status_t status;
plaintext = (const uint8_t*)(" ");
plaintext_length = 0;
if(!req_message || !resp_message)
{
return INVALID_PARAMETER_ERROR;
}
//Get the session information from the map corresponding to the source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = &it->second;
}
else
{
return INVALID_SESSION;
}
if(session_info->status != ACTIVE)
{
return INVALID_SESSION;
}
//Set the decrypted data length to the payload size obtained from the message
decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
header_size = sizeof(secure_message_t);
expected_payload_size = req_message_size - header_size;
//Verify the size of the payload
if(expected_payload_size != decrypted_data_length)
return INVALID_PARAMETER_ERROR;
memset(&l_tag, 0, 16);
plain_text_offset = decrypted_data_length;
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
if(!decrypted_data)
{
return MALLOC_ERROR;
}
memset(decrypted_data, 0, decrypted_data_length);
//Decrypt the request message payload from source enclave
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
decrypted_data_length, decrypted_data,
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
&req_message->message_aes_gcm_data.payload_tag);
if(SGX_SUCCESS != status)
{
SAFE_FREE(decrypted_data);
return status;
}
//Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
ms = (ms_in_msg_exchange_t *)decrypted_data;
// Verify if the nonce obtained in the request is equal to the session nonce
if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
{
SAFE_FREE(decrypted_data);
return INVALID_PARAMETER_ERROR;
}
if(ms->msg_type == MESSAGE_EXCHANGE)
{
//Call the generic secret response generator for message exchange
ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
if(ret !=0)
{
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
return INVALID_SESSION;
}
}
else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
{
//Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
if(ret !=0)
{
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
return INVALID_SESSION;
}
}
else
{
SAFE_FREE(decrypted_data);
return INVALID_REQUEST_TYPE_ERROR;
}
if(resp_data_length > max_payload_size)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return OUT_BUFFER_LENGTH_ERROR;
}
resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
if(resp_message_calc_size > resp_message_size)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return OUT_BUFFER_LENGTH_ERROR;
}
//Code to build the response back to the Source Enclave
temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
if(!temp_resp_message)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return MALLOC_ERROR;
}
memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
temp_resp_message->session_id = session_info->session_id;
temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
//Increment the Session Nonce (Replay Protection)
session_info->active.counter = session_info->active.counter + 1;
//Set the response nonce as the session nonce
memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
//Prepare the response message with the encrypted payload
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
&(temp_resp_message->message_aes_gcm_data.payload_tag));
if(SGX_SUCCESS != status)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
SAFE_FREE(temp_resp_message);
return status;
}
memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
SAFE_FREE(temp_resp_message);
return SUCCESS;
}
//Close a current session
ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
sgx_status_t status;
uint32_t retstatus;
//Ocall to ask the destination enclave to end the session
status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
return SUCCESS;
}
//Respond to the request from the Source Enclave to close the session
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
{
ATTESTATION_STATUS status = SUCCESS;
int i;
dh_session_t session_info;
uint32_t session_id;
//Get the session information from the map corresponding to the source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = it->second;
}
else
{
return INVALID_SESSION;
}
session_id = session_info.session_id;
//Erase the session information for the current session
g_dest_session_info_map.erase(src_enclave_id);
//Update the session id tracker
if (g_session_count > 0)
{
//check if session exists
for (i=1; i <= MAX_SESSION_COUNT; i++)
{
if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
{
memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
SAFE_FREE(g_session_id_tracker[i-1]);
g_session_count--;
break;
}
}
}
return status;
}
//Returns a new sessionID for the source destination session
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
{
ATTESTATION_STATUS status = SUCCESS;
if(!session_id)
{
return INVALID_PARAMETER_ERROR;
}
//if the session structure is untintialized, set that as the next session ID
for (int i = 0; i < MAX_SESSION_COUNT; i++)
{
if (g_session_id_tracker[i] == NULL)
{
*session_id = i;
return status;
}
}
status = NO_AVAILABLE_SESSION_ERROR;
return status;
}

54
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.h
View file

@ -1,54 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "datatypes.h"
#include "sgx_eid.h"
#include "sgx_trts.h"
#include <map>
#include "dh_session_protocol.h"
#ifndef LOCALATTESTATION_H_
#define LOCALATTESTATION_H_
#ifdef __cplusplus
extern "C" {
#endif
uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
#ifdef __cplusplus
}
#endif
#endif

50
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/LocalAttestationCode.edl
View file

@ -1,50 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
include "datatypes.h"
include "../Include/dh_session_protocol.h"
trusted{
public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
public uint32_t end_session(sgx_enclave_id_t src_enclave_id);
};
untrusted{
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg1_t *dh_msg1,[in, out] uint32_t *session_id);
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg2_t *dh_msg2, [in, out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
void ocall_print_string([in, string] const char *str);
};
};

105
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/datatypes.h
View file

@ -1,105 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_report.h"
#include "sgx_eid.h"
#include "sgx_ecp_types.h"
#include "sgx_dh.h"
#include "sgx_tseal.h"
#ifndef DATATYPES_H_
#define DATATYPES_H_
#define DH_KEY_SIZE 20
#define NONCE_SIZE 16
#define MAC_SIZE 16
#define MAC_KEY_SIZE 16
#define PADDING_SIZE 16
#define TAG_SIZE 16
#define IV_SIZE 12
#define DERIVE_MAC_KEY 0x0
#define DERIVE_SESSION_KEY 0x1
#define DERIVE_VK1_KEY 0x3
#define DERIVE_VK2_KEY 0x4
#define CLOSED 0x0
#define IN_PROGRESS 0x1
#define ACTIVE 0x2
#define MESSAGE_EXCHANGE 0x0
#define ENCLAVE_TO_ENCLAVE_CALL 0x1
#define INVALID_ARGUMENT -2 ///< Invalid function argument
#define LOGIC_ERROR -3 ///< Functional logic error
#define FILE_NOT_FOUND -4 ///< File not found
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB
typedef uint8_t dh_nonce[NONCE_SIZE];
typedef uint8_t cmac_128[MAC_SIZE];
#pragma pack(push, 1)
//Format of the AES-GCM message being exchanged between the source and the destination enclaves
typedef struct _secure_message_t
{
uint32_t session_id; //Session ID identifyting the session to which the message belongs
sgx_aes_gcm_data_t message_aes_gcm_data;
}secure_message_t;
//Format of the input function parameter structure
typedef struct _ms_in_msg_exchange_t {
uint32_t msg_type; //Type of Call E2E or general message exchange
uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
uint32_t inparam_buff_len; //Length of the serialized input parameters
char inparam_buff[]; //Serialized input parameters
} ms_in_msg_exchange_t;
//Format of the return value and output function parameter structure
typedef struct _ms_out_msg_exchange_t {
uint32_t retval_len; //Length of the return value
uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
char ret_outparam_buff[]; //Serialized return value and output parameters
} ms_out_msg_exchange_t;
//Session Tracker to generate session ids
typedef struct _session_id_tracker_t
{
uint32_t session_id;
}session_id_tracker_t;
#pragma pack(pop)
#endif

53
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/error_codes.h
View file

@ -1,53 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef ERROR_CODES_H_
#define ERROR_CODES_H_
typedef uint32_t ATTESTATION_STATUS;
#define SUCCESS 0x00
#define INVALID_PARAMETER 0xE1
#define VALID_SESSION 0xE2
#define INVALID_SESSION 0xE3
#define ATTESTATION_ERROR 0xE4
#define ATTESTATION_SE_ERROR 0xE5
#define IPP_ERROR 0xE6
#define NO_AVAILABLE_SESSION_ERROR 0xE7
#define MALLOC_ERROR 0xE8
#define ERROR_TAG_MISMATCH 0xE9
#define OUT_BUFFER_LENGTH_ERROR 0xEA
#define INVALID_REQUEST_TYPE_ERROR 0xEB
#define INVALID_PARAMETER_ERROR 0xEC
#define ENCLAVE_TRUST_ERROR 0xED
#define ENCRYPT_DECRYPT_ERROR 0xEE
#define DUPLICATE_SESSION 0xEF
#endif

346
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Makefile
View file

@ -1,346 +0,0 @@
#
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= HW
SGX_ARCH ?= x64
SGX_DEBUG ?= 1
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## Library Settings ########
Trust_Lib_Name := libLocalAttestation_Trusted.a
TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths)
TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++
UnTrustLib_Name := libLocalAttestation_unTrusted.a
UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := $(wildcard App/*.cpp)
App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Enclave Settings ########
Enclave1_Version_Script := Enclave1/Enclave1.lds
Enclave2_Version_Script := Enclave2/Enclave2.lds
Enclave3_Version_Script := Enclave3/Enclave3.lds
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp)
Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp)
Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp)
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
ifeq ($(CC_BELOW_4_9), 1)
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
else
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
endif
Enclave_Compile_Flags += $(Enclave_Include_Paths)
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
# so that the whole content of trts is included in the enclave.
# 2. For other libraries, you just need to pull the required symbols.
# Use `--start-group' and `--end-group' to link these libraries.
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
# Otherwise, you may get some undesirable errors.
Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script)
Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script)
Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script)
Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o)
Enclave_Name_1 := libenclave1.so
Enclave_Name_2 := libenclave2.so
Enclave_Name_3 := libenclave3.so
ifeq ($(SGX_MODE), HW)
ifeq ($(SGX_DEBUG), 1)
Build_Mode = HW_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_PRERELEASE
else
Build_Mode = HW_RELEASE
endif
else
ifeq ($(SGX_DEBUG), 1)
Build_Mode = SIM_DEBUG
else ifeq ($(SGX_PRERELEASE), 1)
Build_Mode = SIM_PRERELEASE
else
Build_Mode = SIM_RELEASE
endif
endif
ifeq ($(Build_Mode), HW_RELEASE)
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclaves use the following commands:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
@echo "You can also sign the enclaves using an external signing tool."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
ifeq ($(Build_Mode), HW_DEBUG)
@echo "The project has been built in debug hardware mode."
else ifeq ($(Build_Mode), SIM_DEBUG)
@echo "The project has been built in debug simulation mode."
else ifeq ($(Build_Mode), HW_PRERELEASE)
@echo "The project has been built in pre-release hardware mode."
else ifeq ($(Build_Mode), SIM_PRERELEASE)
@echo "The project has been built in pre-release simulation mode."
else
@echo "The project has been built in release simulation mode."
endif
endif
.config_$(Build_Mode)_$(SGX_ARCH):
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
@touch .config_$(Build_Mode)_$(SGX_ARCH)
######## Library Objects ########
LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
@echo "CC <= $<"
$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
@$(AR) rcs $@ $^
@echo "GEN => $@"
Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
@$(AR) rcs $@ $^
@echo "GEN => $@"
######## App Objects ########
Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave1_u.o: Enclave1/Enclave1_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave2_u.o: Enclave2/Enclave2_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave3_u.o: Enclave3/Enclave3_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h
@$(CXX) $(App_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_1): Enclave1.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml
@echo "SIGN => $@"
Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave2/%.o: Enclave2/%.cpp
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_2): Enclave2.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml
@echo "SIGN => $@"
Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave3/%.o: Enclave3/%.cpp
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_3): Enclave3.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml
@echo "SIGN => $@"
######## Clean ########
.PHONY: clean
clean:
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*

29
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/README.txt
View file

@ -1,29 +0,0 @@
---------------------------
Purpose of LocalAttestation
---------------------------
The project demonstrates:
- How to establish a protected channel
- Secret message exchange using enclave to enclave function calls
------------------------------------
How to Build/Execute the Sample Code
------------------------------------
1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS
2. Make sure your environment is set:
$ source ${sgx-sdk-install-path}/environment
3. Build the project with the prepared Makefile:
a. Hardware Mode, Debug build:
$ make
b. Hardware Mode, Pre-release build:
$ make SGX_PRERELEASE=1 SGX_DEBUG=0
c. Hardware Mode, Release build:
$ make SGX_DEBUG=0
d. Simulation Mode, Debug build:
$ make SGX_MODE=SIM
e. Simulation Mode, Pre-release build:
$ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0
f. Simulation Mode, Release build:
$ make SGX_MODE=SIM SGX_DEBUG=0
4. Execute the binary directly:
$ ./app
5. Remember to "make clean" before switching build mode

200
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp
View file

@ -1,200 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "error_codes.h"
#include "datatypes.h"
#include "sgx_urts.h"
#include "UntrustedEnclaveMessageExchange.h"
#include "sgx_dh.h"
#include <map>
#include <sys/ipc.h>
#include <sys/shm.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
extern sgx_enclave_id_t e1_enclave_id;
//Makes an sgx_ecall to the destination enclave to get session id and message1
ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
// printf("[OCALL IPC] Generating msg1 and session_id for Enclave1\n");
// for session_id
printf("[OCALL IPC] Passing SessionID to shared memory for Enclave1\n");
key_t key_session_id = ftok("../..", 3);
int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT);
uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0);
memcpy(tmp_session_id, session_id, sizeof(uint32_t));
// for msg1
printf("[OCALL IPC] Passing message1 to shared memory for Enclave1\n");
key_t key_msg1 = ftok("../..", 2);
int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT);
sgx_dh_msg1_t* tmp_msg1 = (sgx_dh_msg1_t *)shmat(shmid_msg1, (void*)0, 0);
memcpy(tmp_msg1, dh_msg1, sizeof(sgx_dh_msg1_t));
shmdt(tmp_msg1);
shmdt(tmp_session_id);
// let enclave1 to receive msg1
printf("[OCALL IPC] Waiting for Enclave1 to process SessionID and message1...\n");
sleep(5);
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave
ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
if (dh_msg3 == NULL)
{
// get msg2 from Enclave1
printf("[OCALL IPC] Message2 should be ready\n");
printf("[OCALL IPC] Retrieving message2 from shared memory\n");
key_t key_msg2 = ftok("../..", 4);
int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT);
sgx_dh_msg2_t* tmp_msg2 = (sgx_dh_msg2_t *)shmat(shmid_msg2, (void*)0, 0);
memcpy(dh_msg2, tmp_msg2, sizeof(sgx_dh_msg2_t));
shmdt(tmp_msg2);
}
// ret = Enclave1_exchange_report(src_enclave_id, &status, 0, dh_msg2, dh_msg3, session_id);
else
{
// pass msg3 to shm for Enclave
printf("[OCALL IPC] Passing message3 to shared memory for Enclave1\n");
key_t key_msg3 = ftok("../..", 5);
int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT);
sgx_dh_msg3_t* tmp_msg3 = (sgx_dh_msg3_t *)shmat(shmid_msg3, (void*)0, 0);
memcpy(tmp_msg3, dh_msg3, sizeof(sgx_dh_msg3_t));
shmdt(tmp_msg3);
// wait for Enclave1 to process msg3
printf("[OCALL IPC] Waiting for Enclave1 to process message3...\n");
sleep(5);
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
//Make an sgx_ecall to the destination enclave function that generates the actual response
ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
case 2:
ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
case 3:
ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
//Make an sgx_ecall to the destination enclave to close the session
ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id);
break;
case 2:
ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id);
break;
case 3:
ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
void ocall_print_string(const char *str)
{
printf("%s", str);
}

74
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h
View file

@ -1,74 +0,0 @@
/*
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "error_codes.h"
#include "datatypes.h"
#include "sgx_urts.h"
#include "dh_session_protocol.h"
#include "sgx_dh.h"
#include <cstddef>
#ifndef ULOCALATTESTATION_H_
#define ULOCALATTESTATION_H_
#ifdef __cplusplus
extern "C" {
#endif
sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
void ocall_print_string(const char *str);
#ifdef __cplusplus
}
#endif
#endif

211
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/Makefile
View file

@ -1,211 +0,0 @@
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= SIM
SGX_ARCH ?= x64
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
ifeq ($(SUPPLIED_KEY_DERIVATION), 1)
SGX_COMMON_CFLAGS += -DSUPPLIED_KEY_DERIVATION
endif
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := isv_app/isv_app.cpp ../Util/LogBase.cpp ../Networking/NetworkManager.cpp ../Networking/Session.cpp ../Networking/Server.cpp \
../Networking/Client.cpp ../Networking/NetworkManagerServer.cpp ../GoogleMessages/Messages.pb.cpp ../Networking/AbstractNetworkOps.cpp \
../Util/UtilityFunctions.cpp ../Enclave/Enclave.cpp ../MessageHandler/MessageHandler.cpp ../Util/Base64.cpp
App_Include_Paths := -I../Util -Iservice_provider -I$(SGX_SDK)/include -Iheaders -I../Networking -Iisv_app -I../GoogleMessages -I/usr/local/include -I../Enclave \
-I../MessageHandler
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Cpp_Flags := $(App_C_Flags) -std=c++11 -DEnableServer
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lsgx_ukey_exchange -lpthread -Wl,-rpath=$(CURDIR)/../sample_libcrypto -Wl,-rpath=$(CURDIR) -llog4cpp -lboost_system -lssl -lcrypto -lboost_thread -lprotobuf -L /usr/local/lib -ljsoncpp
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Enclave Settings ########
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files := isv_enclave/isv_enclave.cpp
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/crypto_px/include -I../Enclave/
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
# so that the whole content of trts is included in the enclave.
# 2. For other libraries, you just need to pull the required symbols.
# Use `--start-group' and `--end-group' to link these libraries.
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
# Otherwise, you may get some undesirable errors.
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -lsgx_tkey_exchange -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0 \
-Wl,--version-script=isv_enclave/isv_enclave.lds
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
Enclave_Name := isv_enclave.so
Signed_Enclave_Name := isv_enclave.signed.so
Enclave_Config_File := isv_enclave/isv_enclave.config.xml
ifeq ($(SGX_MODE), HW)
ifneq ($(SGX_DEBUG), 1)
ifneq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_RELEASE
endif
endif
endif
.PHONY: all run
ifeq ($(Build_Mode), HW_RELEASE)
all: $(App_Name) $(Enclave_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclave use the command:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
@echo "You can also sign the enclave using an external signing tool."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: $(App_Name) $(Signed_Enclave_Name)
endif
run: all
ifneq ($(Build_Mode), HW_RELEASE)
@$(CURDIR)/$(App_Name)
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif
######## App Objects ########
isv_app/isv_enclave_u.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
@cd isv_app && $(SGX_EDGER8R) --untrusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
isv_app/isv_enclave_u.o: isv_app/isv_enclave_u.c
@$(CC) $(App_C_Flags) -c $< -o $@
@echo "CC <= $<"
isv_app/%.o: isv_app/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
../MessageHandler/%.o: ../MessageHandler/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
../Util/%.o: ../Util/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
../Networking/%.o: ../Networking/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
../Enclave/%.o: ../Enclave/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): isv_app/isv_enclave_u.o $(App_Cpp_Objects)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
isv_enclave/isv_enclave_t.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
@cd isv_enclave && $(SGX_EDGER8R) --trusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
isv_enclave/isv_enclave_t.o: isv_enclave/isv_enclave_t.c
@$(CC) $(Enclave_C_Flags) -c $< -o $@
@echo "CC <= $<"
isv_enclave/%.o: isv_enclave/%.cpp
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(Enclave_Name): isv_enclave/isv_enclave_t.o $(Enclave_Cpp_Objects)
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Signed_Enclave_Name): $(Enclave_Name)
@$(SGX_ENCLAVE_SIGNER) sign -key isv_enclave/isv_enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
@echo "SIGN => $@"
.PHONY: clean
clean:
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects)

40
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_app/isv_app.cpp
View file

@ -1,40 +0,0 @@
#include <iostream>
#include <unistd.h>
#include "LogBase.h"
using namespace util;
#include "MessageHandler.h"
int Main(int argc, char* argv[]) {
LogBase::Inst();
int ret = 0;
MessageHandler msg;
msg.init();
msg.start();
return ret;
}
int main( int argc, char **argv ) {
try {
return Main(argc, argv);
} catch (std::exception& e) {
Log("exception: %s", e.what());
} catch (...) {
Log("unexpected exception") ;
}
return -1;
}

11
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.config.xml
View file

@ -1,11 +0,0 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

311
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.cpp
View file

@ -1,311 +0,0 @@
#include <stdarg.h>
#include <stdio.h>
#include <assert.h>
#include "isv_enclave_t.h"
#include "sgx_tkey_exchange.h"
#include "sgx_tcrypto.h"
#include "string.h"
// This is the public EC key of the SP. The corresponding private EC key is
// used by the SP to sign data used in the remote attestation SIGMA protocol
// to sign channel binding data in MSG2. A successful verification of the
// signature confirms the identity of the SP to the ISV app in remote
// attestation secure channel binding. The public EC key should be hardcoded in
// the enclave or delivered in a trustworthy manner. The use of a spoofed public
// EC key in the remote attestation with secure channel binding session may lead
// to a security compromise. Every different SP the enlcave communicates to
// must have a unique SP public key. Delivery of the SP public key is
// determined by the ISV. The TKE SIGMA protocl expects an Elliptical Curve key
// based on NIST P-256
static const sgx_ec256_public_t g_sp_pub_key = {
{
0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38
},
{
0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06
}
};
#ifdef SUPPLIED_KEY_DERIVATION
#pragma message ("Supplied key derivation function is used.")
typedef struct _hash_buffer_t {
uint8_t counter[4];
sgx_ec256_dh_shared_t shared_secret;
uint8_t algorithm_id[4];
} hash_buffer_t;
const char ID_U[] = "SGXRAENCLAVE";
const char ID_V[] = "SGXRASERVER";
// Derive two keys from shared key and key id.
bool derive_key(
const sgx_ec256_dh_shared_t *p_shared_key,
uint8_t key_id,
sgx_ec_key_128bit_t *first_derived_key,
sgx_ec_key_128bit_t *second_derived_key) {
sgx_status_t sgx_ret = SGX_SUCCESS;
hash_buffer_t hash_buffer;
sgx_sha_state_handle_t sha_context;
sgx_sha256_hash_t key_material;
memset(&hash_buffer, 0, sizeof(hash_buffer_t));
/* counter in big endian */
hash_buffer.counter[3] = key_id;
/*convert from little endian to big endian */
for (size_t i = 0; i < sizeof(sgx_ec256_dh_shared_t); i++) {
hash_buffer.shared_secret.s[i] = p_shared_key->s[sizeof(p_shared_key->s)-1 - i];
}
sgx_ret = sgx_sha256_init(&sha_context);
if (sgx_ret != SGX_SUCCESS) {
return false;
}
sgx_ret = sgx_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context);
if (sgx_ret != SGX_SUCCESS) {
sgx_sha256_close(sha_context);
return false;
}
sgx_ret = sgx_sha256_update((uint8_t*)&ID_U, sizeof(ID_U), sha_context);
if (sgx_ret != SGX_SUCCESS) {
sgx_sha256_close(sha_context);
return false;
}
sgx_ret = sgx_sha256_update((uint8_t*)&ID_V, sizeof(ID_V), sha_context);
if (sgx_ret != SGX_SUCCESS) {
sgx_sha256_close(sha_context);
return false;
}
sgx_ret = sgx_sha256_get_hash(sha_context, &key_material);
if (sgx_ret != SGX_SUCCESS) {
sgx_sha256_close(sha_context);
return false;
}
sgx_ret = sgx_sha256_close(sha_context);
assert(sizeof(sgx_ec_key_128bit_t)* 2 == sizeof(sgx_sha256_hash_t));
memcpy(first_derived_key, &key_material, sizeof(sgx_ec_key_128bit_t));
memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sgx_ec_key_128bit_t), sizeof(sgx_ec_key_128bit_t));
// memset here can be optimized away by compiler, so please use memset_s on
// windows for production code and similar functions on other OSes.
memset(&key_material, 0, sizeof(sgx_sha256_hash_t));
return true;
}
//isv defined key derivation function id
#define ISV_KDF_ID 2
typedef enum _derive_key_type_t {
DERIVE_KEY_SMK_SK = 0,
DERIVE_KEY_MK_VK,
} derive_key_type_t;
sgx_status_t key_derivation(const sgx_ec256_dh_shared_t* shared_key,
uint16_t kdf_id,
sgx_ec_key_128bit_t* smk_key,
sgx_ec_key_128bit_t* sk_key,
sgx_ec_key_128bit_t* mk_key,
sgx_ec_key_128bit_t* vk_key) {
bool derive_ret = false;
if (NULL == shared_key) {
return SGX_ERROR_INVALID_PARAMETER;
}
if (ISV_KDF_ID != kdf_id) {
//fprintf(stderr, "\nError, key derivation id mismatch in [%s].", __FUNCTION__);
return SGX_ERROR_KDF_MISMATCH;
}
derive_ret = derive_key(shared_key, DERIVE_KEY_SMK_SK,
smk_key, sk_key);
if (derive_ret != true) {
//fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
return SGX_ERROR_UNEXPECTED;
}
derive_ret = derive_key(shared_key, DERIVE_KEY_MK_VK,
mk_key, vk_key);
if (derive_ret != true) {
//fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
return SGX_ERROR_UNEXPECTED;
}
return SGX_SUCCESS;
}
#else
#pragma message ("Default key derivation function is used.")
#endif
// This ecall is a wrapper of sgx_ra_init to create the trusted
// KE exchange key context needed for the remote attestation
// SIGMA API's. Input pointers aren't checked since the trusted stubs
// copy them into EPC memory.
//
// @param b_pse Indicates whether the ISV app is using the
// platform services.
// @param p_context Pointer to the location where the returned
// key context is to be copied.
//
// @return Any error return from the create PSE session if b_pse
// is true.
// @return Any error returned from the trusted key exchange API
// for creating a key context.
sgx_status_t enclave_init_ra(
int b_pse,
sgx_ra_context_t *p_context) {
// isv enclave call to trusted key exchange library.
sgx_status_t ret;
if(b_pse) {
int busy_retry_times = 2;
do {
ret = sgx_create_pse_session();
} while (ret == SGX_ERROR_BUSY && busy_retry_times--);
if (ret != SGX_SUCCESS)
return ret;
}
#ifdef SUPPLIED_KEY_DERIVATION
ret = sgx_ra_init_ex(&g_sp_pub_key, b_pse, key_derivation, p_context);
#else
ret = sgx_ra_init(&g_sp_pub_key, b_pse, p_context);
#endif
if(b_pse) {
sgx_close_pse_session();
return ret;
}
return ret;
}
// Closes the tKE key context used during the SIGMA key
// exchange.
//
// @param context The trusted KE library key context.
//
// @return Return value from the key context close API
sgx_status_t SGXAPI enclave_ra_close(
sgx_ra_context_t context) {
sgx_status_t ret;
ret = sgx_ra_close(context);
return ret;
}
// Verify the mac sent in att_result_msg from the SP using the
// MK key. Input pointers aren't checked since the trusted stubs
// copy them into EPC memory.
//
//
// @param context The trusted KE library key context.
// @param p_message Pointer to the message used to produce MAC
// @param message_size Size in bytes of the message.
// @param p_mac Pointer to the MAC to compare to.
// @param mac_size Size in bytes of the MAC
//
// @return SGX_ERROR_INVALID_PARAMETER - MAC size is incorrect.
// @return Any error produced by tKE API to get SK key.
// @return Any error produced by the AESCMAC function.
// @return SGX_ERROR_MAC_MISMATCH - MAC compare fails.
sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
uint8_t* p_message,
size_t message_size,
uint8_t* p_mac,
size_t mac_size) {
sgx_status_t ret;
sgx_ec_key_128bit_t mk_key;
if(mac_size != sizeof(sgx_mac_t)) {
ret = SGX_ERROR_INVALID_PARAMETER;
return ret;
}
if(message_size > UINT32_MAX) {
ret = SGX_ERROR_INVALID_PARAMETER;
return ret;
}
do {
uint8_t mac[SGX_CMAC_MAC_SIZE] = {0};
ret = sgx_ra_get_keys(context, SGX_RA_KEY_MK, &mk_key);
if(SGX_SUCCESS != ret) {
break;
}
ret = sgx_rijndael128_cmac_msg(&mk_key,
p_message,
(uint32_t)message_size,
&mac);
if(SGX_SUCCESS != ret) {
break;
}
if(0 == consttime_memequal(p_mac, mac, sizeof(mac))) {
ret = SGX_ERROR_MAC_MISMATCH;
break;
}
} while(0);
return ret;
}
sgx_status_t verify_secret_data (
sgx_ra_context_t context,
uint8_t *p_secret,
uint32_t secret_size,
uint8_t *p_gcm_mac,
uint32_t max_verification_length,
uint8_t *p_ret) {
sgx_status_t ret = SGX_SUCCESS;
sgx_ec_key_128bit_t sk_key;
do {
ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key);
if (SGX_SUCCESS != ret) {
break;
}
uint8_t *decrypted = (uint8_t*) malloc(sizeof(uint8_t) * secret_size);
uint8_t aes_gcm_iv[12] = {0};
ret = sgx_rijndael128GCM_decrypt(&sk_key,
p_secret,
secret_size,
decrypted,
&aes_gcm_iv[0],
12,
NULL,
0,
(const sgx_aes_gcm_128bit_tag_t *) (p_gcm_mac));
if (SGX_SUCCESS == ret) {
if (decrypted[0] == 0) {
if (decrypted[1] != 1) {
ret = SGX_ERROR_INVALID_SIGNATURE;
}
} else {
ret = SGX_ERROR_UNEXPECTED;
}
}
} while(0);
return ret;
}

38
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.edl
View file

@ -1,38 +0,0 @@
enclave {
from "sgx_tkey_exchange.edl" import *;
include "sgx_key_exchange.h"
include "sgx_trts.h"
trusted {
public sgx_status_t enclave_init_ra(int b_pse, [out] sgx_ra_context_t *p_context);
public sgx_status_t enclave_ra_close(sgx_ra_context_t context);
public sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
[in,size=message_size] uint8_t* message,
size_t message_size,
[in,size=mac_size] uint8_t* mac,
size_t mac_size);
public sgx_status_t verify_secret_data(sgx_ra_context_t context,
[in,size=secret_size] uint8_t* p_secret,
uint32_t secret_size,
[in,count=16] uint8_t* gcm_mac,
uint32_t max_verification_length,
[out, count=16] uint8_t *p_ret);
};
};

8
Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.lds
View file

@ -1,8 +0,0 @@
enclave.so {
global:
g_global_data_sim;
g_global_data;
enclave_entry;
local:
*;
};

Some files were not shown because too many files have changed in this diff Show more