From 25a5ca3e2d49c9a5acc15ae8368dd5cf94dc07fd Mon Sep 17 00:00:00 2001 
From: Paul Zinselmeyer Date: Wed, 3 Jul 2024 16:16:24 +0200 Subject: [PATCH] [Assignment-7] Flake + App base - Add Assignment-7 to flake.nix - Implement basic framework of app - Implement proxy subcommand (mostly) - Implement basics of intermediary subcommand --- .../.gitkeep | 0 .../Makefile | 2 +- 7-SGX_Hands-on/flake.lock | 27 ++ 7-SGX_Hands-on/flake.nix | 47 ++++ 7-SGX_Hands-on/src/app/intermediary.c | 153 ++++++++++++ 7-SGX_Hands-on/src/app/intermediary.h | 23 ++ 7-SGX_Hands-on/src/app/main.c | 24 ++ 7-SGX_Hands-on/src/app/proxy.c | 235 ++++++++++++++++++ 7-SGX_Hands-on/src/app/proxy.h | 23 ++ 7-SGX_Hands-on/src/app/test.c | 3 + 7-SGX_Hands-on/src/app/util.c | 23 ++ 7-SGX_Hands-on/src/app/util.h | 13 + .../src/enclave/enclave.c | 2 +- .../src/enclave/enclave.config.xml | 0 .../src/enclave/enclave.edl | 0 .../src/enclave/enclave.h | 0 .../test/framework_test.c | 0 .../test/framework_test.h | 0 .../test/main.c | 0 .../test/mini_test.c | 0 .../test/mini_test.h | 0 Assignment 7 - SGX Hands-on/src/app/main.c | 7 - flake.nix | 43 +++- 23 files changed, 615 insertions(+), 10 deletions(-) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/.gitkeep (100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/Makefile (96%) create mode 100644 7-SGX_Hands-on/flake.lock create mode 100644 7-SGX_Hands-on/flake.nix create mode 100644 7-SGX_Hands-on/src/app/intermediary.c create mode 100644 7-SGX_Hands-on/src/app/intermediary.h create mode 100644 7-SGX_Hands-on/src/app/main.c create mode 100644 7-SGX_Hands-on/src/app/proxy.c create mode 100644 7-SGX_Hands-on/src/app/proxy.h create mode 100644 7-SGX_Hands-on/src/app/test.c create mode 100644 7-SGX_Hands-on/src/app/util.c create mode 100644 7-SGX_Hands-on/src/app/util.h rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/src/enclave/enclave.c (99%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/src/enclave/enclave.config.xml (100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/src/enclave/enclave.edl 
(100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/src/enclave/enclave.h (100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/test/framework_test.c (100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/test/framework_test.h (100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/test/main.c (100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/test/mini_test.c (100%) rename {Assignment 7 - SGX Hands-on => 7-SGX_Hands-on}/test/mini_test.h (100%) delete mode 100644 Assignment 7 - SGX Hands-on/src/app/main.c
diff --git a/Assignment 7 - SGX Hands-on/.gitkeep b/7-SGX_Hands-on/.gitkeep
similarity index 100%
rename from Assignment 7 - SGX Hands-on/.gitkeep
rename to 7-SGX_Hands-on/.gitkeep
diff --git a/Assignment 7 - SGX Hands-on/Makefile b/7-SGX_Hands-on/Makefile
similarity index 96%
rename from Assignment 7 - SGX Hands-on/Makefile
rename to 7-SGX_Hands-on/Makefile
index c037498..560a1c0 100644
--- a/Assignment 7 - SGX Hands-on/Makefile
+++ b/7-SGX_Hands-on/Makefile
@@ -8,7 +8,7 @@
 # Compiler
 CC = clang
-CFLAGS = -Wall -Wextra -Werror
+CFLAGS = -Wall -Wextra -Werror -I$(ENCLAVE_DIR) -I$(APP_DIR)
 LDFLAGS =
 # Directories
diff --git a/7-SGX_Hands-on/flake.lock b/7-SGX_Hands-on/flake.lock
new file mode 100644
index 0000000..8716e61
--- /dev/null
+++ b/7-SGX_Hands-on/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1719838683,
+ "narHash": "sha256-Zw9rQjHz1ilNIimEXFeVa1ERNRBF8DoXDhLAZq5B4pE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "d032c1a6dfad4eedec7e35e91986becc699d7d69",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-24.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/7-SGX_Hands-on/flake.nix b/7-SGX_Hands-on/flake.nix
new file mode 100644
index 0000000..c863322
--- /dev/null
+++ b/7-SGX_Hands-on/flake.nix
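Review bot: The new `CFLAGS` line still carries no hardening flags for the untrusted app binary, which is the half of this project that parses operator-supplied paths and files; `CFLAGS = -Wall -Wextra -Werror -O2 -D_FORTIFY_SOURCE=2 -fstack-protector-strong -fPIE -I$(ENCLAVE_DIR) -I$(APP_DIR)` together with `LDFLAGS = -pie -Wl,-z,relro,-z,now` costs nothing here. The enclave is built with the SGX SDK's own flag set, which this hunk does not show, so this suggestion is for the app target only; if these variables feed both builds, keep the enclave's flags separate.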
@@ -0,0 +1,47 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+ };
+
+ outputs = { self, nixpkgs, ... }:
+ let
+ lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101";
+ version = builtins.substring 0 8 lastModifiedDate;
+
+ nixpkgsFor = system: import nixpkgs { inherit system; overlays = [ self.overlay ]; };
+ in
+ {
+ overlay = final: prev: with final; {
+ signatureProxy = stdenv.mkDerivation {
+ pname = "SignatureProxy";
+ inherit version;
+
+ buildScript = ''
+ make
+ '';
+
+ installScript = ''
+ mkdir -p $out/bin
+ cp app $out/bin
+ cp enclave.so $out/bin
+ '';
+
+ nativeBuildInputs = with pkgs; [
+ clang
+ glibc
+ sgx-sdk
+ gmp.dev
+ openssl.dev
+ pkg-config
+ ];
+
+ env = {
+ SGX_SDK = pkgs.sgx-sdk;
+ SGX_MODE = "SIM";
+ };
+ };
+ };
+
+ defaultPackage."x86_64-linux" = (nixpkgsFor "x86_64-linux").signatureProxy;
+ };
+}
diff --git a/7-SGX_Hands-on/src/app/intermediary.c b/7-SGX_Hands-on/src/app/intermediary.c
new file mode 100644
index 0000000..01387ac
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/intermediary.c
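Review bot: This derivation has no `src`, so `nix build` in this directory fails in the unpack phase before `make` ever runs; the root `flake.nix` in the same commit sets `src = ./7-SGX_Hands-on;` and this copy needs the equivalent `src = ./.;` (both copies also use `buildScript`/`installScript`, which `stdenv.mkDerivation` does not act on — the hooks are `buildPhase`/`installPhase`). `SGX_MODE = "SIM"` links the enclave against the SDK's simulation libraries: no EPC, no hardware attestation, sealing keys derived in software, so an `enclave.so` built from this flake provides none of the isolation the proxy design relies on. That is fine for the exercise, but it deserves a comment next to the setting, e.g. `# SIM: software-only enclave, no hardware isolation or sealing - development builds only`, and an HW variant before anything is deployed. `defaultPackage` is the deprecated output name; `packages.x86_64-linux.default` is what current `nix build` looks for.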
@@ -0,0 +1,153 @@
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "enclave.h"
+#include "intermediary.h"
+#include "util.h"
+
+#define HASH_BYTES 32
+#define HASH_CHUNK_BYTES 32
+#define KEY_BYTES 32
+
+struct IntermediaryArgs {
+ char* firmware_path;
+ char* key_path;
+ char* output_path;
+};
+
+char* intermediary_syntax(void) {
+ return
+ "intermediary mock up implementation of the employee binary\n"
+ " -f file path to Firmware file\n"
+ " -k key file path\n"
+ " -o output file path\n";
+}
+
+int handle_intermediary(int argc, char** argv) {
+ struct IntermediaryArgs args = {
+ NULL,
+ NULL,
+ NULL
+ };
+ FILE* firmware_file;
+ FILE* key_file;
+ FILE* output_file;
+ //uint8_t firmware_hash[HASH_BYTES];
+ uint8_t firmware_chunk[HASH_CHUNK_BYTES];
+ uint8_t key[KEY_BYTES];
+ //EVP_MD_CTX *mdctx;
+ //const EVP_MD *md;
+ //unsigned char md_value[EVP_MAX_MD_SIZE];
+ //unsigned int md_len;
+
+ int i = 0;
+ while(i < argc) {
+ if(strcmp(argv[i], "-f")==0 && argc-i >=2){
+ args.firmware_path = argv[i+1];
+ i += 2;
+ }else if(strcmp(argv[i], "-k")==0 && argc-i >=2){
+ args.key_path = argv[i+1];
+ i += 2;
+ }else if(strcmp(argv[i], "-o")==0 && argc-i >=2){
+ args.output_path = argv[i+1];
+ i += 2;
+ }else
+ syntax_exit();
+ }
+
+ if(args.firmware_path == NULL || args.key_path == NULL || args.output_path == NULL)
+ syntax_exit();
+
+ firmware_file = fopen(args.firmware_path, "r");
+ if(firmware_file == NULL){
+ perror("Error opening firmware file");
+ exit(1);
+ }
+
+ /*
+ md = EVP_sha3_256();
+ mdctx = EVP_MD_CTX_new();
+ if (!EVP_DigestSignInit(mdctx, NULL, md, NULL, key)) {
+ fprintf(stderr, "Message digest initialization failed.\n");
+ EVP_MD_CTX_free(mdctx);
+ exit(1);
+ }
+ */
+
+ size_t chunk_len = HASH_CHUNK_BYTES;
+ while(chunk_len==HASH_CHUNK_BYTES) {
+ chunk_len = fread(&firmware_chunk, HASH_CHUNK_BYTES, 1, firmware_file);
+ if(chunk_len!=HASH_CHUNK_BYTES&&ferror(firmware_file)!=0){
+ perror("Failed to read firmware file");
+ exit(1);
+ }
+
+ /*
+ if (!EVP_DigestSignUpdate(mdctx, firmware_chunk, chunk_len)) {
+ printf("Message digest update failed.\n");
+ EVP_MD_CTX_free(mdctx);
+ exit(1);
+ }
+ */
+ }
+
+ /*
+ if (!EVP_DigestSignFinal_ex(mdctx, md_value, &md_len)) {
+ printf("Message digest finalization failed.\n");
+ EVP_MD_CTX_free(mdctx);
+ exit(1);
+ }
+ EVP_MD_CTX_free(mdctx);
+
+ printf("Digest is: ");
+ for (i = 0; i < md_len; i++)
+ printf("%02x", md_value[i]);
+ printf("\n");
+ */
+
+ key_file = fopen(args.key_path, "r");
+ if(key_file == NULL){
+ perror("Error opening key file");
+ exit(1);
+ }
+
+ size_t key_len = fread(&key, 1, KEY_BYTES, key_file);
+ if(ferror(key_file)!=0){
+ perror("Failed to read key");
+ exit(1);
+ }
+ if(key_len != KEY_BYTES){
+ fprintf(stderr, "invalid key length\n");
+ exit(1);
+ }
+
+ //eckey = EC_KEY_new_by_curve_name(NID_secp256r1);
+ //if(eckey == NULL) {
+ // fprintf(stderr, "failed to initialize SECP256R1 key\n");
+ // exit(1);
+ //}
+
+ //if (!EC_KEY_generate_key(eckey)) {
+ // fprintf(stderr, "failed to generate key\n");
+ // exit(1);
+ //}
+
+ //sig = ECDSA_do_sign(md_value, md_len, eckey);
+ //if (sig == NULL){
+ // fprintf(stderr, "failed to sign firmware hash\n");
+ // exit(1);
+ //}
+
+ output_file = fopen(args.output_path, "w");
+ if(output_file == NULL){
+ perror("Error opening output file");
+ exit(1);
+ }
+
+ printf("intermediary %s %s %s", args.firmware_path, args.key_path, args.output_path);
+ exit(0);
+}
diff --git a/7-SGX_Hands-on/src/app/intermediary.h b/7-SGX_Hands-on/src/app/intermediary.h
new file mode 100644
index 0000000..695fdeb
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/intermediary.h
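Review bot: The read loop consumes at most one chunk of the firmware: `fread(&firmware_chunk, HASH_CHUNK_BYTES, 1, firmware_file)` returns an item count (0 or 1), never `HASH_CHUNK_BYTES`, so `while(chunk_len==HASH_CHUNK_BYTES)` stops after the first iteration and, once the commented-out `EVP_DigestSignUpdate` is re-enabled, the signature would cover only the first 32 bytes of the image. Swap the size and count arguments — `chunk_len = fread(firmware_chunk, 1, HASH_CHUNK_BYTES, firmware_file);` — and feed `chunk_len` bytes per iteration, including the final short chunk. The 32 raw key bytes read into `key` are never wiped; once the signing context owns them, `explicit_bzero(key, sizeof key)` (glibc, `<string.h>`) should clear the stack copy, and the key file's mode is worth checking rather than silently accepting a world-readable key. None of the three `FILE*` handles is ever closed, and `output_path` is truncated with `"w"` before any signing happens, so a failure on the key path leaves an empty output file behind. The commented-out `EVP_DigestSignInit(mdctx, NULL, md, NULL, key)` also passes raw bytes where an `EVP_PKEY *` is expected, so that block will not compile as-is when it is revived.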
@@ -0,0 +1,23 @@
+#ifndef _APP_INTERMEDIARY_H_
+#define _APP_INTERMEDIARY_H_
+
+
+/*
+ * @brief getter for intermediary subcommand syntax string
+ *
+ * @returns null-terminated syntax string
+ */
+char* intermediary_syntax(void);
+
+/*
+ * @brief CLI implementation for the "intermediary" subcommand
+ *
+ * @param argc number of arguments with command and subcommand stripped
+ * @param argv arguments with command and subcommand stripped
+ *
+ * @returns 0 on success, else error with output on stderr
+ */
+int handle_intermediary(int argc, char** argv);
+
+
+#endif
diff --git a/7-SGX_Hands-on/src/app/main.c b/7-SGX_Hands-on/src/app/main.c
new file mode 100644
index 0000000..3daa211
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/main.c
@@ -0,0 +1,24 @@
+#include
+#include
+
+#include "intermediary.h"
+#include "proxy.h"
+#include "util.h"
+
+
+int main(int argc, char** argv) {
+ if(argc < 1)
+ syntax_exit();
+ BIN_NAME = argv[0];
+ if(argc < 2)
+ syntax_exit();
+
+ char* command = argv[1];
+
+ if(strcmp(command, "intermediary")==0)
+ handle_intermediary(argc-2, argv+2);
+ else if (strcmp(command, "proxy")==0)
+ handle_proxy(argc-2, argv+2);
+ else
+ syntax_exit();
+}
diff --git a/7-SGX_Hands-on/src/app/proxy.c b/7-SGX_Hands-on/src/app/proxy.c
new file mode 100644
index 0000000..7a529b2
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/proxy.c
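Review bot: `main` discards the return values of `handle_intermediary` and `handle_proxy` and then falls off the end, so the "0 on success, else error" contract documented in both headers can never reach the shell; `return handle_intermediary(argc-2, argv+2);` and `return handle_proxy(argc-2, argv+2);` fix that. As written both handlers `exit()` themselves so nothing is lost today, but the first refactor that makes them return will silently turn every failure into exit status 0, which is exactly the wrong default for a signing tool.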
@@ -0,0 +1,235 @@
+#include
+#include
+#include
+#include
+#include
+
+#include "enclave.h"
+#include "proxy.h"
+#include "util.h"
+
+sgx_enclave_id_t global_eid = 0;
+
+struct ProxyArgs {
+ char* input_path;
+ char* output_path;
+ char* sealed_key_file_path;
+ char* sgx_token_path;
+};
+
+typedef struct _sgx_errlist_t {
+ sgx_status_t err;
+ const char *msg;
+ const char *sug; /* Suggestion */
+} sgx_errlist_t;
+
+/* Error code returned by sgx_create_enclave */
+static sgx_errlist_t sgx_errlist[] = {
+ {
+ SGX_ERROR_UNEXPECTED,
+ "Unexpected error occurred.",
+ NULL
+ },
+ {
+ SGX_ERROR_INVALID_PARAMETER,
+ "Invalid parameter.",
+ NULL
+ },
+ {
+ SGX_ERROR_OUT_OF_MEMORY,
+ "Out of memory.",
+ NULL
+ },
+ {
+ SGX_ERROR_ENCLAVE_LOST,
+ "Power transition occurred.",
+ "Please refer to the sample \"PowerTransition\" for details."
+ },
+ {
+ SGX_ERROR_INVALID_ENCLAVE,
+ "Invalid enclave image.",
+ NULL
+ },
+ {
+ SGX_ERROR_INVALID_ENCLAVE_ID,
+ "Invalid enclave identification.",
+ NULL
+ },
+ {
+ SGX_ERROR_INVALID_SIGNATURE,
+ "Invalid enclave signature.",
+ NULL
+ },
+ {
+ SGX_ERROR_OUT_OF_EPC,
+ "Out of EPC memory.",
+ NULL
+ },
+ {
+ SGX_ERROR_NO_DEVICE,
+ "Invalid SGX device.",
+ "Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards."
+ },
+ {
+ SGX_ERROR_MEMORY_MAP_CONFLICT,
+ "Memory map conflicted.",
+ NULL
+ },
+ {
+ SGX_ERROR_INVALID_METADATA,
+ "Invalid enclave metadata.",
+ NULL
+ },
+ {
+ SGX_ERROR_DEVICE_BUSY,
+ "SGX device was busy.",
+ NULL
+ },
+ {
+ SGX_ERROR_INVALID_VERSION,
+ "Enclave version was invalid.",
+ NULL
+ },
+ {
+ SGX_ERROR_INVALID_ATTRIBUTE,
+ "Enclave was not authorized.",
+ NULL
+ },
+ {
+ SGX_ERROR_ENCLAVE_FILE_ACCESS,
+ "Can't open enclave file.",
+ NULL
+ },
+};
+
+/* Check error conditions for loading enclave */
+static void print_error_message(sgx_status_t ret)
+{
+ size_t idx = 0;
+ size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
+
+ for (idx = 0; idx < ttl; idx++) {
+ if(ret == sgx_errlist[idx].err) {
+ if(NULL != sgx_errlist[idx].sug)
+ printf("Info: %s\n", sgx_errlist[idx].sug);
+ printf("Error: %s\n", sgx_errlist[idx].msg);
+ break;
+ }
+ }
+
+ if (idx == ttl)
+ printf("Error code is 0x%X. Please refer to the \"Intel SGX SDK Developer Reference\" for more details.\n", ret);
+}
+
+static int initialize_enclave(char* token_path) {
+ FILE* sgx_token_file;
+ sgx_launch_token_t token = {0};
+ sgx_status_t ret;
+ int updated = 0;
+
+ sgx_token_file = fopen(token_path, "r");
+ if(sgx_token_file == NULL){
+ perror("Error opening sgx token file");
+ exit(1);
+ }
+
+ size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), sgx_token_file);
+ if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
+ fprintf(stderr, "sgx token file is corrupted");
+ return (1);
+ }
+
+ ret = sgx_create_enclave("enclave.so", SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL);
+ if (ret != SGX_SUCCESS) {
+ print_error_message(ret);
+ return (1);
+ }
+
+ if (updated) {
+ sgx_token_file = freopen(token_path, "w", sgx_token_file);
+ if(sgx_token_file == NULL){
+ perror("Error opening sgx token file");
+ return (1);
+ }
+ size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), sgx_token_file);
+ if (write_num != sizeof(sgx_launch_token_t)){
+ fprintf(stderr,"Warning: Failed to save launch token to \"%s\".\n", token_path);
+ return (1);
+ }
+ }
+ return (0);
+}
+
+char* proxy_syntax(void) {
+ return
+ "proxy implementation of the enclave-powered SignatureProxy\n"
+ " -i file path to the intermediary output(signature of firmware)\n"
+ " -o output path of the signature\n"
+ " -s file path of the sealed proxy key\n"
+ " -t file path of the sgx token\n";
+}
+
+int handle_proxy(int argc, char** argv) {
+ struct ProxyArgs args = {
+ NULL,
+ NULL,
+ NULL,
+ NULL
+ };
+ FILE* input_file;
+ FILE* output_file;
+ FILE* sealed_key_file;
+
+ int i = 0;
+ while(i < argc) {
+ if(strcmp(argv[i], "-i")==0 && argc-i >=2){
+ args.input_path = argv[i+1];
+ i += 2;
+ }else if(strcmp(argv[i], "-o")==0 && argc-i >=2){
+ args.output_path = argv[i+1];
+ i += 2;
+ }else if(strcmp(argv[i], "-s")==0 && argc-i >=2){
+ args.sealed_key_file_path = argv[i+1];
+ i += 2;
+ }else if(strcmp(argv[i], "-t")==0 && argc-i >=2){
+ args.sgx_token_path = argv[i+1];
+ i += 2;
+ }else
+ syntax_exit();
+ }
+
+ if(args.input_path == NULL || args.output_path == NULL || args.sealed_key_file_path == NULL || args.sgx_token_path == NULL)
+ syntax_exit();
+
+ input_file = fopen(args.input_path, "r");
+ if(input_file == NULL){
+ perror("Error opening input file");
+ exit(1);
+ }
+
+ output_file = fopen(args.output_path, "w");
+ if(output_file == NULL){
+ perror("Error opening output file");
+ exit(1);
+ }
+
+ //TODO read input -> calculate size of input (ECDSA of SHA3-256 of Firmware File, generated by intermediary)
+ //TODO read sealed key -> calculate size or dynamic alloc
+
+ sealed_key_file = fopen(args.sealed_key_file_path, "w");
+ if(sealed_key_file == NULL){
+ perror("Error opening sealed_key_file file");
+ exit(1);
+ }
+
+ if (initialize_enclave(args.sgx_token_path) != 0)
+ exit(1);
+
+ //TODO call enclave -> refactor interface to do verify and sign in one call to avoid trip through "untrusted" land.
+
+ //TODO store sealed key if changed
+ //TODO write output
+
+ printf("proxy %s %s", args.input_path, args.output_path);
+ exit(0);
+}
diff --git a/7-SGX_Hands-on/src/app/proxy.h b/7-SGX_Hands-on/src/app/proxy.h
new file mode 100644
index 0000000..37b0072
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/proxy.h
@@ -0,0 +1,23 @@
+#ifndef _APP_PROXY_H_
+#define _APP_PROXY_H_
+
+
+/*
+ * @brief getter for proxy subcommand syntax string
+ *
+ * @returns null-terminated syntax string
+ */
+char* proxy_syntax(void);
+
+/*
+ * @brief CLI implementation for the "proxy" subcommand
+ *
+ * @param argc number of arguments with command and subcommand stripped
+ * @param argv arguments with command and subcommand stripped
+ *
+ * @returns 0 on success, else error with output on stderr
+ */
+int handle_proxy(int argc, char** argv);
+
+
+#endif
diff --git a/7-SGX_Hands-on/src/app/test.c b/7-SGX_Hands-on/src/app/test.c
new file mode 100644
index 0000000..5aedd11
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/test.c
@@ -0,0 +1,3 @@
+int main() {
+ return (0);
+}
diff --git a/7-SGX_Hands-on/src/app/util.c b/7-SGX_Hands-on/src/app/util.c
new file mode 100644
index 0000000..8d483a0
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/util.c
@@ -0,0 +1,23 @@
+#include
+#include
+
+#include "util.h"
+#include "proxy.h"
+#include "intermediary.h"
+
+
+char* BIN_NAME = "SignatureProxy";
+
+void syntax_exit(void) {
+ char* syntax =
+ "SignatureProxy Version 0.0.0\n"
+ "Syntax: %s \n"
+ "\n"
+ "Commands:\n"
+ "%s"
+ "\n"
+ "%s";
+
+ printf(syntax, BIN_NAME, intermediary_syntax(), proxy_syntax());
+ exit(1);
+}
diff --git a/7-SGX_Hands-on/src/app/util.h b/7-SGX_Hands-on/src/app/util.h
new file mode 100644
index 0000000..c447800
--- /dev/null
+++ b/7-SGX_Hands-on/src/app/util.h
@@ -0,0 +1,13 @@
+#ifndef _APP_UTIL_H_
+#define _APP_UTIL_H_
+
+
+char* BIN_NAME;
+
+/*
+ * @brief prints the command syntax and exits with EXIT_FAILURE
+ */
+void syntax_exit(void);
+
+
+#endif
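Review bot: `sealed_key_file = fopen(args.sealed_key_file_path, "w")` in `handle_proxy` truncates the sealed proxy key on every invocation, before the enclave exists and before the TODO that is supposed to read it — one run against the real key path wipes the only blob the enclave can unseal; open it with `"r"` here and reopen for writing only after the enclave has returned a new sealed blob. `sgx_create_enclave("enclave.so", ...)` in `initialize_enclave` resolves relative to the working directory, so the proxy loads whatever `enclave.so` happens to be in the caller's cwd rather than the one the flake installs into `$out/bin`; resolve it from the executable's directory or a build-time path. `SGX_DEBUG_FLAG` comes from the build configuration, which this hunk does not show; if it is set, the enclave runs debuggable and its memory (including the unsealed key) is readable with a debugger, so the release build must have it off. The `return (1)` paths in `initialize_enclave` leave `sgx_token_file` open, `global_eid` is never passed to `sgx_destroy_enclave`, and `print_error_message` reports failures on stdout via `printf` rather than stderr, where the rest of the file sends errors.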
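Review bot: `char* BIN_NAME;` in util.h is a tentative definition, not a declaration, so every translation unit that includes the header (main.c and util.c in this commit) defines `BIN_NAME`; with the `-fno-common` default of clang 11 and later that collides at link time with the initialised definition in util.c. Declare it as `extern char* BIN_NAME;` in the header and keep the single definition in util.c. The `_APP_UTIL_H_` guard (leading underscore followed by a capital) sits in the identifier space reserved for the implementation; `APP_UTIL_H` avoids that, and the same applies to the guards in proxy.h and intermediary.h.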
diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.c b/7-SGX_Hands-on/src/enclave/enclave.c
similarity index 99%
rename from Assignment 7 - SGX Hands-on/src/enclave/enclave.c
rename to 7-SGX_Hands-on/src/enclave/enclave.c
index 9fd9d9f..14f6a8a 100644
--- a/Assignment 7 - SGX Hands-on/src/enclave/enclave.c
+++ b/7-SGX_Hands-on/src/enclave/enclave.c
@@ -263,4 +263,4 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
 // close handle and return result
 sgx_ecc256_close_context(ecc_handle);
 return result;
-}
\ No newline at end of file
+}
diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.config.xml b/7-SGX_Hands-on/src/enclave/enclave.config.xml
similarity index 100%
rename from Assignment 7 - SGX Hands-on/src/enclave/enclave.config.xml
rename to 7-SGX_Hands-on/src/enclave/enclave.config.xml
diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.edl b/7-SGX_Hands-on/src/enclave/enclave.edl
similarity index 100%
rename from Assignment 7 - SGX Hands-on/src/enclave/enclave.edl
rename to 7-SGX_Hands-on/src/enclave/enclave.edl
diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.h b/7-SGX_Hands-on/src/enclave/enclave.h
similarity index 100%
rename from Assignment 7 - SGX Hands-on/src/enclave/enclave.h
rename to 7-SGX_Hands-on/src/enclave/enclave.h
diff --git a/Assignment 7 - SGX Hands-on/test/framework_test.c b/7-SGX_Hands-on/test/framework_test.c
similarity index 100%
rename from Assignment 7 - SGX Hands-on/test/framework_test.c
rename to 7-SGX_Hands-on/test/framework_test.c
diff --git a/Assignment 7 - SGX Hands-on/test/framework_test.h b/7-SGX_Hands-on/test/framework_test.h
similarity index 100%
rename from Assignment 7 - SGX Hands-on/test/framework_test.h
rename to 7-SGX_Hands-on/test/framework_test.h
diff --git a/Assignment 7 - SGX Hands-on/test/main.c b/7-SGX_Hands-on/test/main.c
similarity index 100%
rename from Assignment 7 - SGX Hands-on/test/main.c
rename to 7-SGX_Hands-on/test/main.c
diff --git a/Assignment 7 - SGX Hands-on/test/mini_test.c b/7-SGX_Hands-on/test/mini_test.c
similarity index 100%
rename from Assignment 7 - SGX Hands-on/test/mini_test.c
rename to 7-SGX_Hands-on/test/mini_test.c
diff --git a/Assignment 7 - SGX Hands-on/test/mini_test.h b/7-SGX_Hands-on/test/mini_test.h
similarity index 100%
rename from Assignment 7 - SGX Hands-on/test/mini_test.h
rename to 7-SGX_Hands-on/test/mini_test.h
diff --git a/Assignment 7 - SGX Hands-on/src/app/main.c b/Assignment 7 - SGX Hands-on/src/app/main.c
deleted file mode 100644
index 68334fa..0000000
--- a/Assignment 7 - SGX Hands-on/src/app/main.c
+++ /dev/null
@@ -1,7 +0,0 @@
-
-#include
-
-int main() {
- printf("Hello World");
-}
-
diff --git a/flake.nix b/flake.nix
index 77c3752..25c393d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,6 +25,11 @@ texPackages = pkgs: pkgs.texlive.combine {
 inherit (pkgs.texlive) scheme-full latex-bin latexmk;
 };
+
+ lastModifiedDate = self.lastModifiedDate or self.lastModified or "19700101";
+ version = builtins.substring 0 8 lastModifiedDate;
+
+ nixpkgsFor = system: import nixpkgs { inherit system; overlays = [ self.overlay ]; };
 in rec {
 packages = forAllSystems({system, pkgs}: forAllAssignments(assignment: let
 tex = texPackages pkgs;
@@ -48,7 +53,9 @@
 };
 in document) // {
 default = packages.${system}.${pkgs.lib.last assignments};
- });
+ }) // {
+ "x86_64-linux"."Assignment 7" = (nixpkgsFor "x86_64-linux").signatureProxy;
+ };
 devShells = forAllSystems({pkgs, ...}: let
 tex = texPackages pkgs;
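Review bot: The trailing `// { "x86_64-linux"."Assignment 7" = ...; }` on `packages` is a shallow attrset update, so if `forAllSystems` yields an `x86_64-linux` entry (its definition is outside this hunk) that whole entry — `default` and every assignment document — is replaced by a set holding only `"Assignment 7"`, and `hydraJobs = packages` loses them with it. Merge one level down instead, e.g. `packages = nixpkgs.lib.recursiveUpdate (forAllSystems (...)) { "x86_64-linux"."Assignment 7" = (nixpkgsFor "x86_64-linux").signatureProxy; };`, or add the package inside the `forAllSystems` body under a `system == "x86_64-linux"` guard so the per-system set is built in one place.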
@@ -58,7 +65,41 @@
 };
 });
+ overlay = final: prev: with final; {
+ signatureProxy = stdenv.mkDerivation {
+ pname = "SignatureProxy";
+ inherit version;
+
+ src = ./7-SGX_Hands-on;
+
+ buildScript = ''
+ make
+ '';
+
+ installScript = ''
+ mkdir -p $out/bin
+ cp app $out/bin
+ cp enclave.so $out/bin
+ '';
+
+ nativeBuildInputs = with pkgs; [
+ clang
+ glibc
+ sgx-sdk
+ gmp.dev
+ openssl.dev
+ pkg-config
+ ];
+
+ env = {
+ SGX_SDK = pkgs.sgx-sdk;
+ SGX_MODE = "SIM";
+ };
+ };
+ };
+ hydraJobs = packages;
 };
+ }
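Review bot: `buildScript` and `installScript` are not attributes `stdenv.mkDerivation` acts on — the phase hooks are `buildPhase` and `installPhase` — so both scripts are ignored: the default build phase happens to run `make`, but the default install phase runs `make install`, which the Makefile excerpt in this commit shows no target for, and nothing copies `app` or `enclave.so` into `$out/bin`. Rename them to `buildPhase = '' make '';` and `installPhase = '' ... '';` (the copy in `7-SGX_Hands-on/flake.nix` has the same two attributes). `src = ./7-SGX_Hands-on;` also places everything git tracks under that directory into the world-readable Nix store, so a test key or launch token committed there for convenience becomes readable by every local user; a `lib.cleanSourceWith` filter that excludes key material, or a comment above `src` stating that no secrets may live in that tree, would keep that from happening.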