[Assignment-7] add SGX sample code from VM

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.config.xml

@@ -0,0 +1,12 @@
+<!-- Please refer to User's Guide for the explanation of each field -->
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.cpp

@@ -0,0 +1,403 @@
+#include "enclave_t.h"
+#include "string.h"
+
+#include "enclave.h"
+#include "wallet.h"
+
+#include "sgx_tseal.h"
+#include "sealing/sealing.h"
+
+int ecall_create_wallet(const char* master_password) {
+
+	//
+	// OVERVIEW: 
+	//	1. check password policy
+	//	2. [ocall] abort if wallet already exist
+	//	3. create wallet 
+	//	4. seal wallet
+	//	5. [ocall] save wallet
+	//	6. exit enclave
+	//
+	//
+	sgx_status_t ocall_status, sealing_status;
+	int ocall_ret;
+
+
+	// 1. check passaword policy
+	if (strlen(master_password) < 8 || strlen(master_password)+1 > MAX_ITEM_SIZE) {
+		return ERR_PASSWORD_OUT_OF_RANGE;
+	}
+
+
+	// 2. abort if wallet already exist
+	ocall_status = ocall_is_wallet(&ocall_ret);
+	if (ocall_ret != 0) {
+		return ERR_WALLET_ALREADY_EXISTS;
+	}
+
+
+	// 3. create new wallet
+	wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t));
+	wallet->size = 0;
+	strncpy(wallet->master_password, master_password, strlen(master_password)+1); 
+
+
+	// 4. seal wallet
+	size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
+	uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
+    sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
+    free(wallet);
+    if (sealing_status != SGX_SUCCESS) {
+		free(sealed_data);
+		return ERR_FAIL_SEAL;
+    }
+    
+
+	// 5. save wallet
+	ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size); 
+	free(sealed_data);
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		return ERR_CANNOT_SAVE_WALLET;
+	}
+
+
+	// 6. exit enclave
+	return RET_SUCCESS;
+}
+
+
+/**
+ * @brief      Provides the wallet content. The sizes/length of 
+ *             pointers need to be specified, otherwise SGX will
+ *             assume a count of 1 for all pointers.
+ *
+ */
+int ecall_show_wallet(const char* master_password, wallet_t* wallet, size_t wallet_size) {
+
+	//
+	// OVERVIEW: 
+	//	1. [ocall] load wallet
+	// 	2. unseal wallet
+	//	3. verify master-password
+	//	4. return wallet to app
+	//	5. exit enclave
+	//
+	//
+	sgx_status_t ocall_status, sealing_status;
+	int ocall_ret;
+
+
+
+	// 1. load wallet
+	size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
+	uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
+	ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		free(sealed_data);
+		return ERR_CANNOT_LOAD_WALLET;
+	}
+
+
+	// 2. unseal loaded wallet
+	uint32_t plaintext_size = sizeof(wallet_t);
+    wallet_t* unsealed_wallet = (wallet_t*)malloc(plaintext_size);
+    sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, unsealed_wallet, plaintext_size);
+    free(sealed_data);
+    if (sealing_status != SGX_SUCCESS) {
+		free(unsealed_wallet);
+		return ERR_FAIL_UNSEAL;
+    }
+    
+    
+	// 3. verify master-password
+	if (strcmp(unsealed_wallet->master_password, master_password) != 0) {
+		free(unsealed_wallet);
+		return ERR_WRONG_MASTER_PASSWORD;
+	}
+
+
+	// 4. return wallet to app
+	(* wallet) = *unsealed_wallet;
+	free(unsealed_wallet);
+
+
+	// 5. exit enclave
+	return RET_SUCCESS;
+}
+
+
+/**
+ * @brief      Changes the wallet's master-password.
+ *
+ */
+int ecall_change_master_password(const char* old_password, const char* new_password) {
+
+	//
+	// OVERVIEW: 
+	//	1. check password policy
+	//	2. [ocall] load wallet
+	// 	3. unseal wallet
+	//	4. verify old password
+	//	5. update password
+	//	6. seal wallet
+	// 	7. [ocall] save sealed wallet
+	//	8. exit enclave
+	//
+	//
+	sgx_status_t ocall_status, sealing_status;
+	int ocall_ret;
+
+
+
+	// 1. check passaword policy
+	if (strlen(new_password) < 8 || strlen(new_password)+1 > MAX_ITEM_SIZE) {
+		return ERR_PASSWORD_OUT_OF_RANGE;
+	}
+
+
+	// 2. load wallet
+	size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
+	uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
+	ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		free(sealed_data);
+		return ERR_CANNOT_LOAD_WALLET;
+	}
+
+
+	// 3. unseal wallet
+	uint32_t plaintext_size = sizeof(wallet_t);
+    wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
+    sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
+    free(sealed_data);
+    if (sealing_status != SGX_SUCCESS) {
+    	free(wallet);
+		return ERR_FAIL_UNSEAL;
+    }
+
+
+	// 4. verify master-password
+	if (strcmp(wallet->master_password, old_password) != 0) {
+		free(wallet);
+		return ERR_WRONG_MASTER_PASSWORD;
+	}
+
+
+	// 5. update password
+	strncpy(wallet->master_password, new_password, strlen(new_password)+1); 
+
+
+	// 6. seal wallet
+	sealed_data = (uint8_t*)malloc(sealed_size);
+    sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
+    free(wallet);
+    if (sealing_status != SGX_SUCCESS) {
+    	free(wallet);
+		free(sealed_data);
+		return ERR_FAIL_SEAL;
+    }
+
+
+	// 7. save wallet
+	ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size); 
+	free(sealed_data); 
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		return ERR_CANNOT_SAVE_WALLET;
+	}
+
+
+	// 6. exit enclave
+	return RET_SUCCESS;
+}
+
+
+/**
+ * @brief      Adds an item to the wallet. The sizes/length of 
+ *             pointers need to be specified, otherwise SGX will
+ *             assume a count of 1 for all pointers.
+ *
+ */
+int ecall_add_item(const char* master_password, const item_t* item, const size_t item_size) {
+
+	//
+	// OVERVIEW: 
+	//	1. [ocall] load wallet
+	//	2. unseal wallet
+	//	3. verify master-password
+	//	4. check input length
+	//	5. add item to the wallet
+	//	6. seal wallet
+	//	7. [ocall] save sealed wallet
+	//	8. exit enclave
+	//
+	//
+	sgx_status_t ocall_status, sealing_status;
+	int ocall_ret;
+
+
+
+	// 2. load wallet
+	size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
+	uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
+	ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		free(sealed_data);
+		return ERR_CANNOT_LOAD_WALLET;
+	}
+
+
+	// 3. unseal wallet
+	uint32_t plaintext_size = sizeof(wallet_t);
+    wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
+    sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
+    free(sealed_data);
+    if (sealing_status != SGX_SUCCESS) {
+    	free(wallet);
+		return ERR_FAIL_UNSEAL;
+    }
+
+
+	// 3. verify master-password
+	if (strcmp(wallet->master_password, master_password) != 0) {
+		free(wallet);
+		return ERR_WRONG_MASTER_PASSWORD;
+	}
+
+
+	// 4. check input length
+	if (strlen(item->title)+1 > MAX_ITEM_SIZE ||
+		strlen(item->username)+1 > MAX_ITEM_SIZE ||
+		strlen(item->password)+1 > MAX_ITEM_SIZE
+	) {
+		free(wallet);
+		return ERR_ITEM_TOO_LONG; 
+    }
+
+
+	// 5. add item to the wallet
+	size_t wallet_size = wallet->size;
+	if (wallet_size >= MAX_ITEMS) {
+		free(wallet);
+		return ERR_WALLET_FULL;
+	}
+	wallet->items[wallet_size] = *item;
+	++wallet->size;
+
+
+	// 6. seal wallet
+	sealed_data = (uint8_t*)malloc(sealed_size);
+    sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
+    free(wallet);
+    if (sealing_status != SGX_SUCCESS) {
+    	free(wallet);
+		free(sealed_data);
+		return ERR_FAIL_SEAL;
+    }
+
+
+	// 7. save wallet
+	ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);  
+	free(sealed_data);
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		return ERR_CANNOT_SAVE_WALLET;
+	}
+
+
+	// 8. exit enclave
+	return RET_SUCCESS;
+}
+
+
+/**
+ * @brief      Removes an item from the wallet. The sizes/length of 
+ *             pointers need to be specified, otherwise SGX will
+ *             assume a count of 1 for all pointers.
+ *
+ */
+int ecall_remove_item(const char* master_password, const int index) {
+
+	//
+	// OVERVIEW: 
+	//	1. check index bounds
+	//	2. [ocall] load wallet
+	//	3. unseal wallet
+	//	4. verify master-password
+	//	5. remove item from the wallet
+	//	6. seal wallet
+	//	7. [ocall] save sealed wallet
+	//	8. exit enclave
+	//
+	//
+	sgx_status_t ocall_status, sealing_status;
+	int ocall_ret;
+
+
+
+	// 1. check index bounds
+	if (index < 0 || index >= MAX_ITEMS) {
+		return ERR_ITEM_DOES_NOT_EXIST;
+	}
+
+
+	// 2. load wallet
+	size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
+	uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
+	ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		free(sealed_data);
+		return ERR_CANNOT_LOAD_WALLET;
+	}
+
+
+	// 3. unseal wallet
+	uint32_t plaintext_size = sizeof(wallet_t);
+    wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
+    sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
+    free(sealed_data);
+    if (sealing_status != SGX_SUCCESS) {
+    	free(wallet);
+		return ERR_FAIL_UNSEAL;
+    }
+
+
+	// 4. verify master-password
+	if (strcmp(wallet->master_password, master_password) != 0) {
+		free(wallet);
+		return ERR_WRONG_MASTER_PASSWORD;
+	}
+
+
+	// 5. remove item from the wallet
+	size_t wallet_size = wallet->size;
+	if (index >= wallet_size) {
+		free(wallet);
+		return ERR_ITEM_DOES_NOT_EXIST;
+	}
+	for (int i = index; i < wallet_size-1; ++i) {
+		wallet->items[i] = wallet->items[i+1];
+	}
+	--wallet->size;
+
+
+	// 6. seal wallet
+	sealed_data = (uint8_t*)malloc(sealed_size);
+    sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
+    free(wallet);
+    if (sealing_status != SGX_SUCCESS) {
+		free(sealed_data);
+		return ERR_FAIL_SEAL;
+    }
+
+
+	// 7. save wallet
+	ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);  
+	free(sealed_data);
+	if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
+		return ERR_CANNOT_SAVE_WALLET;
+	}
+
+
+	// 8. exit enclave
+	return RET_SUCCESS;
+}
+

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.edl

@@ -0,0 +1,53 @@
+enclave {
+
+    // includes
+    include "wallet.h"
+
+
+    // define ECALLs
+    trusted {
+
+        public int ecall_create_wallet(
+            [in, string]const char* master_password
+        );
+
+        public int ecall_show_wallet(
+            [in, string]const char* master_password, 
+            [out, size=wallet_size] wallet_t* wallet,
+            size_t wallet_size
+        );
+
+        public int ecall_change_master_password(
+            [in, string]const char* old_password, 
+            [in, string]const char* new_password
+        );
+
+        public int ecall_add_item(
+            [in, string]const char* master_password, 
+            [in, size=item_size]const item_t* item,
+            size_t item_size
+        );
+
+        public int ecall_remove_item(
+            [in, string]const char* master_password, 
+            int index
+        );
+    };
+
+
+    // define OCALLs
+    untrusted {
+    
+        int ocall_save_wallet(
+            [in, size=sealed_size]const uint8_t* sealed_data, 
+            size_t sealed_size
+        );
+
+        int ocall_load_wallet(
+            [out, size=sealed_size]uint8_t* sealed_data, 
+            size_t sealed_size
+        );
+
+        int ocall_is_wallet(void);
+    };
+};

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave_private.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
+AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
+ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
+nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
+3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
+ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
+5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
+KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
+1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
+K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
+AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
+ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
+JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
+5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
+wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
+osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
+WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
+Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
+xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
+vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
+Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
+cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
+0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
+gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
+gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
+k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
+Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
+O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
+afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
+e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
+BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
+fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
+t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
+yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
+6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
+WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
+NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
+-----END RSA PRIVATE KEY-----

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.cpp

@@ -0,0 +1,15 @@
+#include "enclave_t.h"
+#include "sgx_trts.h"
+#include "sgx_tseal.h"
+
+#include "wallet.h"
+#include "sealing.h"
+
+sgx_status_t seal_wallet(const wallet_t* wallet, sgx_sealed_data_t* sealed_data, size_t sealed_size) {
+    return sgx_seal_data(0, NULL, sizeof(wallet_t), (uint8_t*)wallet, sealed_size, sealed_data);
+}
+
+sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size) {
+    return sgx_unseal_data(sealed_data, NULL, NULL, (uint8_t*)plaintext, &plaintext_size);
+}
+

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.h

@@ -0,0 +1,16 @@
+#ifndef SEALING_H_
+#define SEALING_H_
+
+#include "sgx_trts.h"
+#include "sgx_tseal.h"
+
+#include "wallet.h"
+
+sgx_status_t seal_wallet(const wallet_t* plaintext, sgx_sealed_data_t* sealed_data, size_t sealed_size);
+
+sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size);
+
+
+#endif // SEALING_H_
+
+