Compare commits
71 commits
Assignment
...
master
199 changed files with 2859 additions and 24221 deletions
1
.gitignore
vendored
|
@ -24,7 +24,6 @@ dist/
|
||||||
downloads/
|
downloads/
|
||||||
eggs/
|
eggs/
|
||||||
.eggs/
|
.eggs/
|
||||||
lib/
|
|
||||||
lib64/
|
lib64/
|
||||||
parts/
|
parts/
|
||||||
sdist/
|
sdist/
|
||||||
|
|
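Review bot: The only change in this hunk is the removal of `lib/` (between `.eggs/` and `lib64/`), so a directory named `lib` anywhere in the tree is no longer ignored and generated library output can now be committed by accident. If the intent is to track one specific `lib` directory, keep the `lib/` rule and add a negation pattern for that path instead, so the remaining ignores (`lib64/`, `parts/`, `sdist/`) stay consistent with it.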
674
Assignment 7 - SGX Hands-on/LICENSE
Normal file
|
@ -0,0 +1,674 @@
|
||||||
|
GNU GENERAL PUBLIC LICENSE
|
||||||
|
Version 3, 29 June 2007
|
||||||
|
|
||||||
|
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
|
||||||
|
The GNU General Public License is a free, copyleft license for
|
||||||
|
software and other kinds of works.
|
||||||
|
|
||||||
|
The licenses for most software and other practical works are designed
|
||||||
|
to take away your freedom to share and change the works. By contrast,
|
||||||
|
the GNU General Public License is intended to guarantee your freedom to
|
||||||
|
share and change all versions of a program--to make sure it remains free
|
||||||
|
software for all its users. We, the Free Software Foundation, use the
|
||||||
|
GNU General Public License for most of our software; it applies also to
|
||||||
|
any other work released this way by its authors. You can apply it to
|
||||||
|
your programs, too.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom, not
|
||||||
|
price. Our General Public Licenses are designed to make sure that you
|
||||||
|
have the freedom to distribute copies of free software (and charge for
|
||||||
|
them if you wish), that you receive source code or can get it if you
|
||||||
|
want it, that you can change the software or use pieces of it in new
|
||||||
|
free programs, and that you know you can do these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to prevent others from denying you
|
||||||
|
these rights or asking you to surrender the rights. Therefore, you have
|
||||||
|
certain responsibilities if you distribute copies of the software, or if
|
||||||
|
you modify it: responsibilities to respect the freedom of others.
|
||||||
|
|
||||||
|
For example, if you distribute copies of such a program, whether
|
||||||
|
gratis or for a fee, you must pass on to the recipients the same
|
||||||
|
freedoms that you received. You must make sure that they, too, receive
|
||||||
|
or can get the source code. And you must show them these terms so they
|
||||||
|
know their rights.
|
||||||
|
|
||||||
|
Developers that use the GNU GPL protect your rights with two steps:
|
||||||
|
(1) assert copyright on the software, and (2) offer you this License
|
||||||
|
giving you legal permission to copy, distribute and/or modify it.
|
||||||
|
|
||||||
|
For the developers' and authors' protection, the GPL clearly explains
|
||||||
|
that there is no warranty for this free software. For both users' and
|
||||||
|
authors' sake, the GPL requires that modified versions be marked as
|
||||||
|
changed, so that their problems will not be attributed erroneously to
|
||||||
|
authors of previous versions.
|
||||||
|
|
||||||
|
Some devices are designed to deny users access to install or run
|
||||||
|
modified versions of the software inside them, although the manufacturer
|
||||||
|
can do so. This is fundamentally incompatible with the aim of
|
||||||
|
protecting users' freedom to change the software. The systematic
|
||||||
|
pattern of such abuse occurs in the area of products for individuals to
|
||||||
|
use, which is precisely where it is most unacceptable. Therefore, we
|
||||||
|
have designed this version of the GPL to prohibit the practice for those
|
||||||
|
products. If such problems arise substantially in other domains, we
|
||||||
|
stand ready to extend this provision to those domains in future versions
|
||||||
|
of the GPL, as needed to protect the freedom of users.
|
||||||
|
|
||||||
|
Finally, every program is threatened constantly by software patents.
|
||||||
|
States should not allow patents to restrict development and use of
|
||||||
|
software on general-purpose computers, but in those that do, we wish to
|
||||||
|
avoid the special danger that patents applied to a free program could
|
||||||
|
make it effectively proprietary. To prevent this, the GPL assures that
|
||||||
|
patents cannot be used to render the program non-free.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and
|
||||||
|
modification follow.
|
||||||
|
|
||||||
|
TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
0. Definitions.
|
||||||
|
|
||||||
|
"This License" refers to version 3 of the GNU General Public License.
|
||||||
|
|
||||||
|
"Copyright" also means copyright-like laws that apply to other kinds of
|
||||||
|
works, such as semiconductor masks.
|
||||||
|
|
||||||
|
"The Program" refers to any copyrightable work licensed under this
|
||||||
|
License. Each licensee is addressed as "you". "Licensees" and
|
||||||
|
"recipients" may be individuals or organizations.
|
||||||
|
|
||||||
|
To "modify" a work means to copy from or adapt all or part of the work
|
||||||
|
in a fashion requiring copyright permission, other than the making of an
|
||||||
|
exact copy. The resulting work is called a "modified version" of the
|
||||||
|
earlier work or a work "based on" the earlier work.
|
||||||
|
|
||||||
|
A "covered work" means either the unmodified Program or a work based
|
||||||
|
on the Program.
|
||||||
|
|
||||||
|
To "propagate" a work means to do anything with it that, without
|
||||||
|
permission, would make you directly or secondarily liable for
|
||||||
|
infringement under applicable copyright law, except executing it on a
|
||||||
|
computer or modifying a private copy. Propagation includes copying,
|
||||||
|
distribution (with or without modification), making available to the
|
||||||
|
public, and in some countries other activities as well.
|
||||||
|
|
||||||
|
To "convey" a work means any kind of propagation that enables other
|
||||||
|
parties to make or receive copies. Mere interaction with a user through
|
||||||
|
a computer network, with no transfer of a copy, is not conveying.
|
||||||
|
|
||||||
|
An interactive user interface displays "Appropriate Legal Notices"
|
||||||
|
to the extent that it includes a convenient and prominently visible
|
||||||
|
feature that (1) displays an appropriate copyright notice, and (2)
|
||||||
|
tells the user that there is no warranty for the work (except to the
|
||||||
|
extent that warranties are provided), that licensees may convey the
|
||||||
|
work under this License, and how to view a copy of this License. If
|
||||||
|
the interface presents a list of user commands or options, such as a
|
||||||
|
menu, a prominent item in the list meets this criterion.
|
||||||
|
|
||||||
|
1. Source Code.
|
||||||
|
|
||||||
|
The "source code" for a work means the preferred form of the work
|
||||||
|
for making modifications to it. "Object code" means any non-source
|
||||||
|
form of a work.
|
||||||
|
|
||||||
|
A "Standard Interface" means an interface that either is an official
|
||||||
|
standard defined by a recognized standards body, or, in the case of
|
||||||
|
interfaces specified for a particular programming language, one that
|
||||||
|
is widely used among developers working in that language.
|
||||||
|
|
||||||
|
The "System Libraries" of an executable work include anything, other
|
||||||
|
than the work as a whole, that (a) is included in the normal form of
|
||||||
|
packaging a Major Component, but which is not part of that Major
|
||||||
|
Component, and (b) serves only to enable use of the work with that
|
||||||
|
Major Component, or to implement a Standard Interface for which an
|
||||||
|
implementation is available to the public in source code form. A
|
||||||
|
"Major Component", in this context, means a major essential component
|
||||||
|
(kernel, window system, and so on) of the specific operating system
|
||||||
|
(if any) on which the executable work runs, or a compiler used to
|
||||||
|
produce the work, or an object code interpreter used to run it.
|
||||||
|
|
||||||
|
The "Corresponding Source" for a work in object code form means all
|
||||||
|
the source code needed to generate, install, and (for an executable
|
||||||
|
work) run the object code and to modify the work, including scripts to
|
||||||
|
control those activities. However, it does not include the work's
|
||||||
|
System Libraries, or general-purpose tools or generally available free
|
||||||
|
programs which are used unmodified in performing those activities but
|
||||||
|
which are not part of the work. For example, Corresponding Source
|
||||||
|
includes interface definition files associated with source files for
|
||||||
|
the work, and the source code for shared libraries and dynamically
|
||||||
|
linked subprograms that the work is specifically designed to require,
|
||||||
|
such as by intimate data communication or control flow between those
|
||||||
|
subprograms and other parts of the work.
|
||||||
|
|
||||||
|
The Corresponding Source need not include anything that users
|
||||||
|
can regenerate automatically from other parts of the Corresponding
|
||||||
|
Source.
|
||||||
|
|
||||||
|
The Corresponding Source for a work in source code form is that
|
||||||
|
same work.
|
||||||
|
|
||||||
|
2. Basic Permissions.
|
||||||
|
|
||||||
|
All rights granted under this License are granted for the term of
|
||||||
|
copyright on the Program, and are irrevocable provided the stated
|
||||||
|
conditions are met. This License explicitly affirms your unlimited
|
||||||
|
permission to run the unmodified Program. The output from running a
|
||||||
|
covered work is covered by this License only if the output, given its
|
||||||
|
content, constitutes a covered work. This License acknowledges your
|
||||||
|
rights of fair use or other equivalent, as provided by copyright law.
|
||||||
|
|
||||||
|
You may make, run and propagate covered works that you do not
|
||||||
|
convey, without conditions so long as your license otherwise remains
|
||||||
|
in force. You may convey covered works to others for the sole purpose
|
||||||
|
of having them make modifications exclusively for you, or provide you
|
||||||
|
with facilities for running those works, provided that you comply with
|
||||||
|
the terms of this License in conveying all material for which you do
|
||||||
|
not control copyright. Those thus making or running the covered works
|
||||||
|
for you must do so exclusively on your behalf, under your direction
|
||||||
|
and control, on terms that prohibit them from making any copies of
|
||||||
|
your copyrighted material outside their relationship with you.
|
||||||
|
|
||||||
|
Conveying under any other circumstances is permitted solely under
|
||||||
|
the conditions stated below. Sublicensing is not allowed; section 10
|
||||||
|
makes it unnecessary.
|
||||||
|
|
||||||
|
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
|
||||||
|
|
||||||
|
No covered work shall be deemed part of an effective technological
|
||||||
|
measure under any applicable law fulfilling obligations under article
|
||||||
|
11 of the WIPO copyright treaty adopted on 20 December 1996, or
|
||||||
|
similar laws prohibiting or restricting circumvention of such
|
||||||
|
measures.
|
||||||
|
|
||||||
|
When you convey a covered work, you waive any legal power to forbid
|
||||||
|
circumvention of technological measures to the extent such circumvention
|
||||||
|
is effected by exercising rights under this License with respect to
|
||||||
|
the covered work, and you disclaim any intention to limit operation or
|
||||||
|
modification of the work as a means of enforcing, against the work's
|
||||||
|
users, your or third parties' legal rights to forbid circumvention of
|
||||||
|
technological measures.
|
||||||
|
|
||||||
|
4. Conveying Verbatim Copies.
|
||||||
|
|
||||||
|
You may convey verbatim copies of the Program's source code as you
|
||||||
|
receive it, in any medium, provided that you conspicuously and
|
||||||
|
appropriately publish on each copy an appropriate copyright notice;
|
||||||
|
keep intact all notices stating that this License and any
|
||||||
|
non-permissive terms added in accord with section 7 apply to the code;
|
||||||
|
keep intact all notices of the absence of any warranty; and give all
|
||||||
|
recipients a copy of this License along with the Program.
|
||||||
|
|
||||||
|
You may charge any price or no price for each copy that you convey,
|
||||||
|
and you may offer support or warranty protection for a fee.
|
||||||
|
|
||||||
|
5. Conveying Modified Source Versions.
|
||||||
|
|
||||||
|
You may convey a work based on the Program, or the modifications to
|
||||||
|
produce it from the Program, in the form of source code under the
|
||||||
|
terms of section 4, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) The work must carry prominent notices stating that you modified
|
||||||
|
it, and giving a relevant date.
|
||||||
|
|
||||||
|
b) The work must carry prominent notices stating that it is
|
||||||
|
released under this License and any conditions added under section
|
||||||
|
7. This requirement modifies the requirement in section 4 to
|
||||||
|
"keep intact all notices".
|
||||||
|
|
||||||
|
c) You must license the entire work, as a whole, under this
|
||||||
|
License to anyone who comes into possession of a copy. This
|
||||||
|
License will therefore apply, along with any applicable section 7
|
||||||
|
additional terms, to the whole of the work, and all its parts,
|
||||||
|
regardless of how they are packaged. This License gives no
|
||||||
|
permission to license the work in any other way, but it does not
|
||||||
|
invalidate such permission if you have separately received it.
|
||||||
|
|
||||||
|
d) If the work has interactive user interfaces, each must display
|
||||||
|
Appropriate Legal Notices; however, if the Program has interactive
|
||||||
|
interfaces that do not display Appropriate Legal Notices, your
|
||||||
|
work need not make them do so.
|
||||||
|
|
||||||
|
A compilation of a covered work with other separate and independent
|
||||||
|
works, which are not by their nature extensions of the covered work,
|
||||||
|
and which are not combined with it such as to form a larger program,
|
||||||
|
in or on a volume of a storage or distribution medium, is called an
|
||||||
|
"aggregate" if the compilation and its resulting copyright are not
|
||||||
|
used to limit the access or legal rights of the compilation's users
|
||||||
|
beyond what the individual works permit. Inclusion of a covered work
|
||||||
|
in an aggregate does not cause this License to apply to the other
|
||||||
|
parts of the aggregate.
|
||||||
|
|
||||||
|
6. Conveying Non-Source Forms.
|
||||||
|
|
||||||
|
You may convey a covered work in object code form under the terms
|
||||||
|
of sections 4 and 5, provided that you also convey the
|
||||||
|
machine-readable Corresponding Source under the terms of this License,
|
||||||
|
in one of these ways:
|
||||||
|
|
||||||
|
a) Convey the object code in, or embodied in, a physical product
|
||||||
|
(including a physical distribution medium), accompanied by the
|
||||||
|
Corresponding Source fixed on a durable physical medium
|
||||||
|
customarily used for software interchange.
|
||||||
|
|
||||||
|
b) Convey the object code in, or embodied in, a physical product
|
||||||
|
(including a physical distribution medium), accompanied by a
|
||||||
|
written offer, valid for at least three years and valid for as
|
||||||
|
long as you offer spare parts or customer support for that product
|
||||||
|
model, to give anyone who possesses the object code either (1) a
|
||||||
|
copy of the Corresponding Source for all the software in the
|
||||||
|
product that is covered by this License, on a durable physical
|
||||||
|
medium customarily used for software interchange, for a price no
|
||||||
|
more than your reasonable cost of physically performing this
|
||||||
|
conveying of source, or (2) access to copy the
|
||||||
|
Corresponding Source from a network server at no charge.
|
||||||
|
|
||||||
|
c) Convey individual copies of the object code with a copy of the
|
||||||
|
written offer to provide the Corresponding Source. This
|
||||||
|
alternative is allowed only occasionally and noncommercially, and
|
||||||
|
only if you received the object code with such an offer, in accord
|
||||||
|
with subsection 6b.
|
||||||
|
|
||||||
|
d) Convey the object code by offering access from a designated
|
||||||
|
place (gratis or for a charge), and offer equivalent access to the
|
||||||
|
Corresponding Source in the same way through the same place at no
|
||||||
|
further charge. You need not require recipients to copy the
|
||||||
|
Corresponding Source along with the object code. If the place to
|
||||||
|
copy the object code is a network server, the Corresponding Source
|
||||||
|
may be on a different server (operated by you or a third party)
|
||||||
|
that supports equivalent copying facilities, provided you maintain
|
||||||
|
clear directions next to the object code saying where to find the
|
||||||
|
Corresponding Source. Regardless of what server hosts the
|
||||||
|
Corresponding Source, you remain obligated to ensure that it is
|
||||||
|
available for as long as needed to satisfy these requirements.
|
||||||
|
|
||||||
|
e) Convey the object code using peer-to-peer transmission, provided
|
||||||
|
you inform other peers where the object code and Corresponding
|
||||||
|
Source of the work are being offered to the general public at no
|
||||||
|
charge under subsection 6d.
|
||||||
|
|
||||||
|
A separable portion of the object code, whose source code is excluded
|
||||||
|
from the Corresponding Source as a System Library, need not be
|
||||||
|
included in conveying the object code work.
|
||||||
|
|
||||||
|
A "User Product" is either (1) a "consumer product", which means any
|
||||||
|
tangible personal property which is normally used for personal, family,
|
||||||
|
or household purposes, or (2) anything designed or sold for incorporation
|
||||||
|
into a dwelling. In determining whether a product is a consumer product,
|
||||||
|
doubtful cases shall be resolved in favor of coverage. For a particular
|
||||||
|
product received by a particular user, "normally used" refers to a
|
||||||
|
typical or common use of that class of product, regardless of the status
|
||||||
|
of the particular user or of the way in which the particular user
|
||||||
|
actually uses, or expects or is expected to use, the product. A product
|
||||||
|
is a consumer product regardless of whether the product has substantial
|
||||||
|
commercial, industrial or non-consumer uses, unless such uses represent
|
||||||
|
the only significant mode of use of the product.
|
||||||
|
|
||||||
|
"Installation Information" for a User Product means any methods,
|
||||||
|
procedures, authorization keys, or other information required to install
|
||||||
|
and execute modified versions of a covered work in that User Product from
|
||||||
|
a modified version of its Corresponding Source. The information must
|
||||||
|
suffice to ensure that the continued functioning of the modified object
|
||||||
|
code is in no case prevented or interfered with solely because
|
||||||
|
modification has been made.
|
||||||
|
|
||||||
|
If you convey an object code work under this section in, or with, or
|
||||||
|
specifically for use in, a User Product, and the conveying occurs as
|
||||||
|
part of a transaction in which the right of possession and use of the
|
||||||
|
User Product is transferred to the recipient in perpetuity or for a
|
||||||
|
fixed term (regardless of how the transaction is characterized), the
|
||||||
|
Corresponding Source conveyed under this section must be accompanied
|
||||||
|
by the Installation Information. But this requirement does not apply
|
||||||
|
if neither you nor any third party retains the ability to install
|
||||||
|
modified object code on the User Product (for example, the work has
|
||||||
|
been installed in ROM).
|
||||||
|
|
||||||
|
The requirement to provide Installation Information does not include a
|
||||||
|
requirement to continue to provide support service, warranty, or updates
|
||||||
|
for a work that has been modified or installed by the recipient, or for
|
||||||
|
the User Product in which it has been modified or installed. Access to a
|
||||||
|
network may be denied when the modification itself materially and
|
||||||
|
adversely affects the operation of the network or violates the rules and
|
||||||
|
protocols for communication across the network.
|
||||||
|
|
||||||
|
Corresponding Source conveyed, and Installation Information provided,
|
||||||
|
in accord with this section must be in a format that is publicly
|
||||||
|
documented (and with an implementation available to the public in
|
||||||
|
source code form), and must require no special password or key for
|
||||||
|
unpacking, reading or copying.
|
||||||
|
|
||||||
|
7. Additional Terms.
|
||||||
|
|
||||||
|
"Additional permissions" are terms that supplement the terms of this
|
||||||
|
License by making exceptions from one or more of its conditions.
|
||||||
|
Additional permissions that are applicable to the entire Program shall
|
||||||
|
be treated as though they were included in this License, to the extent
|
||||||
|
that they are valid under applicable law. If additional permissions
|
||||||
|
apply only to part of the Program, that part may be used separately
|
||||||
|
under those permissions, but the entire Program remains governed by
|
||||||
|
this License without regard to the additional permissions.
|
||||||
|
|
||||||
|
When you convey a copy of a covered work, you may at your option
|
||||||
|
remove any additional permissions from that copy, or from any part of
|
||||||
|
it. (Additional permissions may be written to require their own
|
||||||
|
removal in certain cases when you modify the work.) You may place
|
||||||
|
additional permissions on material, added by you to a covered work,
|
||||||
|
for which you have or can give appropriate copyright permission.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, for material you
|
||||||
|
add to a covered work, you may (if authorized by the copyright holders of
|
||||||
|
that material) supplement the terms of this License with terms:
|
||||||
|
|
||||||
|
a) Disclaiming warranty or limiting liability differently from the
|
||||||
|
terms of sections 15 and 16 of this License; or
|
||||||
|
|
||||||
|
b) Requiring preservation of specified reasonable legal notices or
|
||||||
|
author attributions in that material or in the Appropriate Legal
|
||||||
|
Notices displayed by works containing it; or
|
||||||
|
|
||||||
|
c) Prohibiting misrepresentation of the origin of that material, or
|
||||||
|
requiring that modified versions of such material be marked in
|
||||||
|
reasonable ways as different from the original version; or
|
||||||
|
|
||||||
|
d) Limiting the use for publicity purposes of names of licensors or
|
||||||
|
authors of the material; or
|
||||||
|
|
||||||
|
e) Declining to grant rights under trademark law for use of some
|
||||||
|
trade names, trademarks, or service marks; or
|
||||||
|
|
||||||
|
f) Requiring indemnification of licensors and authors of that
|
||||||
|
material by anyone who conveys the material (or modified versions of
|
||||||
|
it) with contractual assumptions of liability to the recipient, for
|
||||||
|
any liability that these contractual assumptions directly impose on
|
||||||
|
those licensors and authors.
|
||||||
|
|
||||||
|
All other non-permissive additional terms are considered "further
|
||||||
|
restrictions" within the meaning of section 10. If the Program as you
|
||||||
|
received it, or any part of it, contains a notice stating that it is
|
||||||
|
governed by this License along with a term that is a further
|
||||||
|
restriction, you may remove that term. If a license document contains
|
||||||
|
a further restriction but permits relicensing or conveying under this
|
||||||
|
License, you may add to a covered work material governed by the terms
|
||||||
|
of that license document, provided that the further restriction does
|
||||||
|
not survive such relicensing or conveying.
|
||||||
|
|
||||||
|
If you add terms to a covered work in accord with this section, you
|
||||||
|
must place, in the relevant source files, a statement of the
|
||||||
|
additional terms that apply to those files, or a notice indicating
|
||||||
|
where to find the applicable terms.
|
||||||
|
|
||||||
|
Additional terms, permissive or non-permissive, may be stated in the
|
||||||
|
form of a separately written license, or stated as exceptions;
|
||||||
|
the above requirements apply either way.
|
||||||
|
|
||||||
|
8. Termination.
|
||||||
|
|
||||||
|
You may not propagate or modify a covered work except as expressly
|
||||||
|
provided under this License. Any attempt otherwise to propagate or
|
||||||
|
modify it is void, and will automatically terminate your rights under
|
||||||
|
this License (including any patent licenses granted under the third
|
||||||
|
paragraph of section 11).
|
||||||
|
|
||||||
|
However, if you cease all violation of this License, then your
|
||||||
|
license from a particular copyright holder is reinstated (a)
|
||||||
|
provisionally, unless and until the copyright holder explicitly and
|
||||||
|
finally terminates your license, and (b) permanently, if the copyright
|
||||||
|
holder fails to notify you of the violation by some reasonable means
|
||||||
|
prior to 60 days after the cessation.
|
||||||
|
|
||||||
|
Moreover, your license from a particular copyright holder is
|
||||||
|
reinstated permanently if the copyright holder notifies you of the
|
||||||
|
violation by some reasonable means, this is the first time you have
|
||||||
|
received notice of violation of this License (for any work) from that
|
||||||
|
copyright holder, and you cure the violation prior to 30 days after
|
||||||
|
your receipt of the notice.
|
||||||
|
|
||||||
|
Termination of your rights under this section does not terminate the
|
||||||
|
licenses of parties who have received copies or rights from you under
|
||||||
|
this License. If your rights have been terminated and not permanently
|
||||||
|
reinstated, you do not qualify to receive new licenses for the same
|
||||||
|
material under section 10.
|
||||||
|
|
||||||
|
9. Acceptance Not Required for Having Copies.
|
||||||
|
|
||||||
|
You are not required to accept this License in order to receive or
|
||||||
|
run a copy of the Program. Ancillary propagation of a covered work
|
||||||
|
occurring solely as a consequence of using peer-to-peer transmission
|
||||||
|
to receive a copy likewise does not require acceptance. However,
|
||||||
|
nothing other than this License grants you permission to propagate or
|
||||||
|
modify any covered work. These actions infringe copyright if you do
|
||||||
|
not accept this License. Therefore, by modifying or propagating a
|
||||||
|
covered work, you indicate your acceptance of this License to do so.
|
||||||
|
|
||||||
|
10. Automatic Licensing of Downstream Recipients.
|
||||||
|
|
||||||
|
Each time you convey a covered work, the recipient automatically
|
||||||
|
receives a license from the original licensors, to run, modify and
|
||||||
|
propagate that work, subject to this License. You are not responsible
|
||||||
|
for enforcing compliance by third parties with this License.
|
||||||
|
|
||||||
|
An "entity transaction" is a transaction transferring control of an
|
||||||
|
organization, or substantially all assets of one, or subdividing an
|
||||||
|
organization, or merging organizations. If propagation of a covered
|
||||||
|
work results from an entity transaction, each party to that
|
||||||
|
transaction who receives a copy of the work also receives whatever
|
||||||
|
licenses to the work the party's predecessor in interest had or could
|
||||||
|
give under the previous paragraph, plus a right to possession of the
|
||||||
|
Corresponding Source of the work from the predecessor in interest, if
|
||||||
|
the predecessor has it or can get it with reasonable efforts.
|
||||||
|
|
||||||
|
You may not impose any further restrictions on the exercise of the
|
||||||
|
rights granted or affirmed under this License. For example, you may
|
||||||
|
not impose a license fee, royalty, or other charge for exercise of
|
||||||
|
rights granted under this License, and you may not initiate litigation
|
||||||
|
(including a cross-claim or counterclaim in a lawsuit) alleging that
|
||||||
|
any patent claim is infringed by making, using, selling, offering for
|
||||||
|
sale, or importing the Program or any portion of it.
|
||||||
|
|
||||||
|
11. Patents.
|
||||||
|
|
||||||
|
A "contributor" is a copyright holder who authorizes use under this
|
||||||
|
License of the Program or a work on which the Program is based. The
|
||||||
|
work thus licensed is called the contributor's "contributor version".
|
||||||
|
|
||||||
|
A contributor's "essential patent claims" are all patent claims
|
||||||
|
owned or controlled by the contributor, whether already acquired or
|
||||||
|
hereafter acquired, that would be infringed by some manner, permitted
|
||||||
|
by this License, of making, using, or selling its contributor version,
|
||||||
|
but do not include claims that would be infringed only as a
|
||||||
|
consequence of further modification of the contributor version. For
|
||||||
|
purposes of this definition, "control" includes the right to grant
|
||||||
|
patent sublicenses in a manner consistent with the requirements of
|
||||||
|
this License.
|
||||||
|
|
||||||
|
Each contributor grants you a non-exclusive, worldwide, royalty-free
|
||||||
|
patent license under the contributor's essential patent claims, to
|
||||||
|
make, use, sell, offer for sale, import and otherwise run, modify and
|
||||||
|
propagate the contents of its contributor version.
|
||||||
|
|
||||||
|
In the following three paragraphs, a "patent license" is any express
|
||||||
|
agreement or commitment, however denominated, not to enforce a patent
|
||||||
|
(such as an express permission to practice a patent or covenant not to
|
||||||
|
sue for patent infringement). To "grant" such a patent license to a
|
||||||
|
party means to make such an agreement or commitment not to enforce a
|
||||||
|
patent against the party.
|
||||||
|
|
||||||
|
If you convey a covered work, knowingly relying on a patent license,
|
||||||
|
and the Corresponding Source of the work is not available for anyone
|
||||||
|
to copy, free of charge and under the terms of this License, through a
|
||||||
|
publicly available network server or other readily accessible means,
|
||||||
|
then you must either (1) cause the Corresponding Source to be so
|
||||||
|
available, or (2) arrange to deprive yourself of the benefit of the
|
||||||
|
patent license for this particular work, or (3) arrange, in a manner
|
||||||
|
consistent with the requirements of this License, to extend the patent
|
||||||
|
license to downstream recipients. "Knowingly relying" means you have
|
||||||
|
actual knowledge that, but for the patent license, your conveying the
|
||||||
|
covered work in a country, or your recipient's use of the covered work
|
||||||
|
in a country, would infringe one or more identifiable patents in that
|
||||||
|
country that you have reason to believe are valid.
|
||||||
|
|
||||||
|
If, pursuant to or in connection with a single transaction or
|
||||||
|
arrangement, you convey, or propagate by procuring conveyance of, a
|
||||||
|
covered work, and grant a patent license to some of the parties
|
||||||
|
receiving the covered work authorizing them to use, propagate, modify
|
||||||
|
or convey a specific copy of the covered work, then the patent license
|
||||||
|
you grant is automatically extended to all recipients of the covered
|
||||||
|
work and works based on it.
|
||||||
|
|
||||||
|
A patent license is "discriminatory" if it does not include within
|
||||||
|
the scope of its coverage, prohibits the exercise of, or is
|
||||||
|
conditioned on the non-exercise of one or more of the rights that are
|
||||||
|
specifically granted under this License. You may not convey a covered
|
||||||
|
work if you are a party to an arrangement with a third party that is
|
||||||
|
in the business of distributing software, under which you make payment
|
||||||
|
to the third party based on the extent of your activity of conveying
|
||||||
|
the work, and under which the third party grants, to any of the
|
||||||
|
parties who would receive the covered work from you, a discriminatory
|
||||||
|
patent license (a) in connection with copies of the covered work
|
||||||
|
conveyed by you (or copies made from those copies), or (b) primarily
|
||||||
|
for and in connection with specific products or compilations that
|
||||||
|
contain the covered work, unless you entered into that arrangement,
|
||||||
|
or that patent license was granted, prior to 28 March 2007.
|
||||||
|
|
||||||
|
Nothing in this License shall be construed as excluding or limiting
|
||||||
|
any implied license or other defenses to infringement that may
|
||||||
|
otherwise be available to you under applicable patent law.
|
||||||
|
|
||||||
|
12. No Surrender of Others' Freedom.
|
||||||
|
|
||||||
|
If conditions are imposed on you (whether by court order, agreement or
|
||||||
|
otherwise) that contradict the conditions of this License, they do not
|
||||||
|
excuse you from the conditions of this License. If you cannot convey a
|
||||||
|
covered work so as to satisfy simultaneously your obligations under this
|
||||||
|
License and any other pertinent obligations, then as a consequence you may
|
||||||
|
not convey it at all. For example, if you agree to terms that obligate you
|
||||||
|
to collect a royalty for further conveying from those to whom you convey
|
||||||
|
the Program, the only way you could satisfy both those terms and this
|
||||||
|
License would be to refrain entirely from conveying the Program.
|
||||||
|
|
||||||
|
13. Use with the GNU Affero General Public License.
|
||||||
|
|
||||||
|
Notwithstanding any other provision of this License, you have
|
||||||
|
permission to link or combine any covered work with a work licensed
|
||||||
|
under version 3 of the GNU Affero General Public License into a single
|
||||||
|
combined work, and to convey the resulting work. The terms of this
|
||||||
|
License will continue to apply to the part which is the covered work,
|
||||||
|
but the special requirements of the GNU Affero General Public License,
|
||||||
|
section 13, concerning interaction through a network will apply to the
|
||||||
|
combination as such.
|
||||||
|
|
||||||
|
14. Revised Versions of this License.
|
||||||
|
|
||||||
|
The Free Software Foundation may publish revised and/or new versions of
|
||||||
|
the GNU General Public License from time to time. Such new versions will
|
||||||
|
be similar in spirit to the present version, but may differ in detail to
|
||||||
|
address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the
|
||||||
|
Program specifies that a certain numbered version of the GNU General
|
||||||
|
Public License "or any later version" applies to it, you have the
|
||||||
|
option of following the terms and conditions either of that numbered
|
||||||
|
version or of any later version published by the Free Software
|
||||||
|
Foundation. If the Program does not specify a version number of the
|
||||||
|
GNU General Public License, you may choose any version ever published
|
||||||
|
by the Free Software Foundation.
|
||||||
|
|
||||||
|
If the Program specifies that a proxy can decide which future
|
||||||
|
versions of the GNU General Public License can be used, that proxy's
|
||||||
|
public statement of acceptance of a version permanently authorizes you
|
||||||
|
to choose that version for the Program.
|
||||||
|
|
||||||
|
Later license versions may give you additional or different
|
||||||
|
permissions. However, no additional obligations are imposed on any
|
||||||
|
author or copyright holder as a result of your choosing to follow a
|
||||||
|
later version.
|
||||||
|
|
||||||
|
15. Disclaimer of Warranty.
|
||||||
|
|
||||||
|
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
|
||||||
|
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
|
||||||
|
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
|
||||||
|
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
|
||||||
|
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||||
|
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
|
||||||
|
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
|
||||||
|
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
|
||||||
|
|
||||||
|
16. Limitation of Liability.
|
||||||
|
|
||||||
|
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||||
|
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
|
||||||
|
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
|
||||||
|
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
|
||||||
|
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
|
||||||
|
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
|
||||||
|
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
|
||||||
|
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
|
||||||
|
SUCH DAMAGES.
|
||||||
|
|
||||||
|
17. Interpretation of Sections 15 and 16.
|
||||||
|
|
||||||
|
If the disclaimer of warranty and limitation of liability provided
|
||||||
|
above cannot be given local legal effect according to their terms,
|
||||||
|
reviewing courts shall apply local law that most closely approximates
|
||||||
|
an absolute waiver of all civil liability in connection with the
|
||||||
|
Program, unless a warranty or assumption of liability accompanies a
|
||||||
|
copy of the Program in return for a fee.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
How to Apply These Terms to Your New Programs
|
||||||
|
|
||||||
|
If you develop a new program, and you want it to be of the greatest
|
||||||
|
possible use to the public, the best way to achieve this is to make it
|
||||||
|
free software which everyone can redistribute and change under these terms.
|
||||||
|
|
||||||
|
To do so, attach the following notices to the program. It is safest
|
||||||
|
to attach them to the start of each source file to most effectively
|
||||||
|
state the exclusion of warranty; and each file should have at least
|
||||||
|
the "copyright" line and a pointer to where the full notice is found.
|
||||||
|
|
||||||
|
<one line to give the program's name and a brief idea of what it does.>
|
||||||
|
Copyright (C) <year> <name of author>
|
||||||
|
|
||||||
|
This program is free software: you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation, either version 3 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
Also add information on how to contact you by electronic and paper mail.
|
||||||
|
|
||||||
|
If the program does terminal interaction, make it output a short
|
||||||
|
notice like this when it starts in an interactive mode:
|
||||||
|
|
||||||
|
<program> Copyright (C) <year> <name of author>
|
||||||
|
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||||
|
This is free software, and you are welcome to redistribute it
|
||||||
|
under certain conditions; type `show c' for details.
|
||||||
|
|
||||||
|
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||||
|
parts of the General Public License. Of course, your program's commands
|
||||||
|
might be different; for a GUI interface, you would use an "about box".
|
||||||
|
|
||||||
|
You should also get your employer (if you work as a programmer) or school,
|
||||||
|
if any, to sign a "copyright disclaimer" for the program, if necessary.
|
||||||
|
For more information on this, and how to apply and follow the GNU GPL, see
|
||||||
|
<https://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
|
The GNU General Public License does not permit incorporating your program
|
||||||
|
into proprietary programs. If your program is a subroutine library, you
|
||||||
|
may consider it more useful to permit linking proprietary applications with
|
||||||
|
the library. If this is what you want to do, use the GNU Lesser General
|
||||||
|
Public License instead of this License. But first, please read
|
||||||
|
<https://www.gnu.org/licenses/why-not-lgpl.html>.
|
75
Assignment 7 - SGX Hands-on/README.md
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
# Signature Relay for firmware
|
||||||
|
|
||||||
|
Documentation of the Assignment 7 in Systems Security at Ruhr-Universität Bochum.
|
||||||
|
This is a program, that uses a TEE to build a signature relay to sign firmware with a master key.
|
||||||
|
For more informationm, read the [project description](doc/abgabe.pdf).
|
||||||
|
|
||||||
|
We recommend viewing the [repository](https://git.pfzetto.de/RubNoobs/Systemsicherheit/src/branch/master/Assignment%207%20-%20SGX%20Hands-on) we worked on together at.
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
You will need the latest version of OpenSSL.
|
||||||
|
Execute the following command inside the src directory to automatically meet all requirements.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ ./setup
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Compiling
|
||||||
|
|
||||||
|
This project can be compiled for simulation environments or directly on the hardware.
|
||||||
|
|
||||||
|
1. **Simulated environment**
|
||||||
|
|
||||||
|
In the src directory type the command
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ make SGX_MODE=SIM
|
||||||
|
```
|
||||||
|
|
||||||
|
2. **Hardware**
|
||||||
|
|
||||||
|
In the src directory type the command
|
||||||
|
|
||||||
|
```bash
|
||||||
|
$ make
|
||||||
|
```
|
||||||
|
|
||||||
|
That creates all the necessary objects and binaries to execute.
|
||||||
|
The executable binary will be `src/signatureproxy`.
|
||||||
|
|
||||||
|
## Running
|
||||||
|
|
||||||
|
## Running story
|
||||||
|
|
||||||
|
To execute an example usage of the project, execute `./simulate` in src directory.
|
||||||
|
Note, that this will only work, if you sucessfully compiled the project.
|
||||||
|
|
||||||
|
## Manual Usage
|
||||||
|
|
||||||
|
### Setup
|
||||||
|
|
||||||
|
Go to the `src` directory.
|
||||||
|
|
||||||
|
Initialize the Enclave keypair by executing:
|
||||||
|
`./signatureproxy proxysetup -pkey <sealed_proxy_key.bin> > <proxy_public_key.pem>`
|
||||||
|
|
||||||
|
### Sign
|
||||||
|
1. Create employee signature using `./signatureproxy employee -firm <firmware.bin> -ekey <employee_privat_key.pem> > <employee_signature.der>`
|
||||||
|
This step can also be done using OpenSSL: `openssl dgst -sha256 -sign <employee_private_key.pem> -out <employee_signature.der> -in <firmware.bin>`
|
||||||
|
2. Use the signature proxy to resign the firmware using `./signatureproxy proxy -pkey <sealed_proxy_key.bin> -epub <employee_public_key.der> -firm <firmware.bin> > <proxy_signature.der>`
|
||||||
|
The enclave verifies the employee signature and signs the firmware if the signature is valid.
|
||||||
|
3. Verify signature using `cat <proxy_signature.der> | ./signatureproxy embedded -firm <firmware.bin> -ppub <proxy_public_key.pem>`
|
||||||
|
This step can also be done using OpenSSL: `openssl dgst -sha256 -verify <proxy_public_key.pem> -signature <proxy-signature.der> <firmware.bin>`
|
||||||
|
|
||||||
|
|
||||||
|
## License
|
||||||
|
|
||||||
|
Everything we did ourselves is licensed under the [GNU GPLv3 License](./LICENSE)
|
||||||
|
|
||||||
|
## Contributors
|
||||||
|
|
||||||
|
- Benjamin Haschka
|
||||||
|
- Sascha Tommasone
|
||||||
|
- Paul Zinselmeyer
|
|
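Review bot: In the "Sign" section, step 2 (`./signatureproxy proxy -pkey ... -epub ... -firm ...`) never says how the employee signature from step 1 reaches the proxy, although the next line states that the enclave verifies it. Step 3 pipes its signature in with `cat <proxy_signature.der> |`; if step 2 also reads the signature from stdin, show that in the command. The placeholder names also drift between the two variants of the same step: `<employee_privat_key.pem>` vs `<employee_private_key.pem>` in step 1 and `<proxy_signature.der>` vs `<proxy-signature.der>` in step 3. The employee public key is `.der` in step 2 while every other key is `.pem`, so state the encoding the proxy expects. The `## Running` heading has no body and is followed directly by `## Running story`; drop one of them. "You will need the latest version of OpenSSL" should name a minimum version instead. Typos: "informationm", "sucessfully".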
@ -1,252 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <assert.h>
|
|
||||||
|
|
||||||
# include <unistd.h>
|
|
||||||
# include <pwd.h>
|
|
||||||
# define MAX_PATH FILENAME_MAX
|
|
||||||
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "App.h"
|
|
||||||
#include "Enclave_u.h"
|
|
||||||
|
|
||||||
/* Global EID shared by multiple threads */
|
|
||||||
sgx_enclave_id_t global_eid = 0;
|
|
||||||
|
|
||||||
typedef struct _sgx_errlist_t {
|
|
||||||
sgx_status_t err;
|
|
||||||
const char *msg;
|
|
||||||
const char *sug; /* Suggestion */
|
|
||||||
} sgx_errlist_t;
|
|
||||||
|
|
||||||
/* Error code returned by sgx_create_enclave */
|
|
||||||
static sgx_errlist_t sgx_errlist[] = {
|
|
||||||
{
|
|
||||||
SGX_ERROR_UNEXPECTED,
|
|
||||||
"Unexpected error occurred.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_PARAMETER,
|
|
||||||
"Invalid parameter.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_OUT_OF_MEMORY,
|
|
||||||
"Out of memory.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_ENCLAVE_LOST,
|
|
||||||
"Power transition occurred.",
|
|
||||||
"Please refer to the sample \"PowerTransition\" for details."
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_ENCLAVE,
|
|
||||||
"Invalid enclave image.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_ENCLAVE_ID,
|
|
||||||
"Invalid enclave identification.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_SIGNATURE,
|
|
||||||
"Invalid enclave signature.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_OUT_OF_EPC,
|
|
||||||
"Out of EPC memory.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_NO_DEVICE,
|
|
||||||
"Invalid SGX device.",
|
|
||||||
"Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards."
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_MEMORY_MAP_CONFLICT,
|
|
||||||
"Memory map conflicted.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_METADATA,
|
|
||||||
"Invalid enclave metadata.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_DEVICE_BUSY,
|
|
||||||
"SGX device was busy.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_VERSION,
|
|
||||||
"Enclave version was invalid.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_ATTRIBUTE,
|
|
||||||
"Enclave was not authorized.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_ENCLAVE_FILE_ACCESS,
|
|
||||||
"Can't open enclave file.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
||||||
/* Check error conditions for loading enclave */
|
|
||||||
void print_error_message(sgx_status_t ret)
|
|
||||||
{
|
|
||||||
size_t idx = 0;
|
|
||||||
size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
|
|
||||||
|
|
||||||
for (idx = 0; idx < ttl; idx++) {
|
|
||||||
if(ret == sgx_errlist[idx].err) {
|
|
||||||
if(NULL != sgx_errlist[idx].sug)
|
|
||||||
printf("Info: %s\n", sgx_errlist[idx].sug);
|
|
||||||
printf("Error: %s\n", sgx_errlist[idx].msg);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (idx == ttl)
|
|
||||||
printf("Error code is 0x%X. Please refer to the \"Intel SGX SDK Developer Reference\" for more details.\n", ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Initialize the enclave:
|
|
||||||
* Step 1: try to retrieve the launch token saved by last transaction
|
|
||||||
* Step 2: call sgx_create_enclave to initialize an enclave instance
|
|
||||||
* Step 3: save the launch token if it is updated
|
|
||||||
*/
|
|
||||||
int initialize_enclave(void)
|
|
||||||
{
|
|
||||||
char token_path[MAX_PATH] = {'\0'};
|
|
||||||
sgx_launch_token_t token = {0};
|
|
||||||
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
|
|
||||||
int updated = 0;
|
|
||||||
|
|
||||||
/* Step 1: try to retrieve the launch token saved by last transaction
|
|
||||||
* if there is no token, then create a new one.
|
|
||||||
*/
|
|
||||||
/* try to get the token saved in $HOME */
|
|
||||||
const char *home_dir = getpwuid(getuid())->pw_dir;
|
|
||||||
|
|
||||||
if (home_dir != NULL &&
|
|
||||||
(strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) {
|
|
||||||
/* compose the token path */
|
|
||||||
strncpy(token_path, home_dir, strlen(home_dir));
|
|
||||||
strncat(token_path, "/", strlen("/"));
|
|
||||||
strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1);
|
|
||||||
} else {
|
|
||||||
/* if token path is too long or $HOME is NULL */
|
|
||||||
strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME));
|
|
||||||
}
|
|
||||||
|
|
||||||
FILE *fp = fopen(token_path, "rb");
|
|
||||||
if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) {
|
|
||||||
printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (fp != NULL) {
|
|
||||||
/* read the token from saved file */
|
|
||||||
size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp);
|
|
||||||
if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
|
|
||||||
/* if token is invalid, clear the buffer */
|
|
||||||
memset(&token, 0x0, sizeof(sgx_launch_token_t));
|
|
||||||
printf("Warning: Invalid launch token read from \"%s\".\n", token_path);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Step 2: call sgx_create_enclave to initialize an enclave instance */
|
|
||||||
/* Debug Support: set 2nd parameter to 1 */
|
|
||||||
ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL);
|
|
||||||
if (ret != SGX_SUCCESS) {
|
|
||||||
print_error_message(ret);
|
|
||||||
if (fp != NULL) fclose(fp);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Step 3: save the launch token if it is updated */
|
|
||||||
if (updated == FALSE || fp == NULL) {
|
|
||||||
/* if the token is not updated, or file handler is invalid, do not perform saving */
|
|
||||||
if (fp != NULL) fclose(fp);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* reopen the file with write capablity */
|
|
||||||
fp = freopen(token_path, "wb", fp);
|
|
||||||
if (fp == NULL) return 0;
|
|
||||||
size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp);
|
|
||||||
if (write_num != sizeof(sgx_launch_token_t))
|
|
||||||
printf("Warning: Failed to save launch token to \"%s\".\n", token_path);
|
|
||||||
fclose(fp);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* OCall functions */
|
|
||||||
void ocall_print_string(const char *str)
|
|
||||||
{
|
|
||||||
/* Proxy/Bridge will check the length and null-terminate
|
|
||||||
* the input string to prevent buffer overflow.
|
|
||||||
*/
|
|
||||||
printf("%s", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Application entry */
|
|
||||||
int SGX_CDECL main(int argc, char *argv[])
|
|
||||||
{
|
|
||||||
(void)(argc);
|
|
||||||
(void)(argv);
|
|
||||||
|
|
||||||
|
|
||||||
/* Initialize the enclave */
|
|
||||||
if(initialize_enclave() < 0){
|
|
||||||
printf("Enter a character before exit ...\n");
|
|
||||||
getchar();
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf_helloworld(global_eid);
|
|
||||||
|
|
||||||
/* Destroy the enclave */
|
|
||||||
sgx_destroy_enclave(global_eid);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
|
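Review bot: `initialize_enclave()` in this removed file dereferences `getpwuid(getuid())->pw_dir` without checking the `getpwuid()` return value for NULL, and it builds `token_path` with `strncpy`/`strncat` calls bounded by the source length (`strlen(home_dir)`, `sizeof(TOKEN_FILENAME)+1`) rather than by the space left in the destination. Deleting the sample removes both, but if the replacement host application was derived from it, confirm that neither pattern was carried over. The commit message should also say that this is the removal of the SDK hello-world scaffolding, since the hunk shows no file name.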
@ -1,65 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef _APP_H_
|
|
||||||
#define _APP_H_
|
|
||||||
|
|
||||||
#include <assert.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdarg.h>
|
|
||||||
|
|
||||||
#include "sgx_error.h" /* sgx_status_t */
|
|
||||||
#include "sgx_eid.h" /* sgx_enclave_id_t */
|
|
||||||
|
|
||||||
#ifndef TRUE
|
|
||||||
# define TRUE 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef FALSE
|
|
||||||
# define FALSE 0
|
|
||||||
#endif
|
|
||||||
|
|
||||||
# define TOKEN_FILENAME "enclave.token"
|
|
||||||
# define ENCLAVE_FILENAME "enclave.signed.so"
|
|
||||||
|
|
||||||
extern sgx_enclave_id_t global_eid; /* global enclave id */
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* !_APP_H_ */
|
|
|
@ -1,57 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include <stdarg.h>
|
|
||||||
#include <stdio.h> /* vsnprintf */
|
|
||||||
|
|
||||||
#include "Enclave.h"
|
|
||||||
#include "Enclave_t.h" /* print_string */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* printf:
|
|
||||||
* Invokes OCALL to display the enclave buffer to the terminal.
|
|
||||||
*/
|
|
||||||
void printf(const char *fmt, ...)
|
|
||||||
{
|
|
||||||
char buf[BUFSIZ] = {'\0'};
|
|
||||||
va_list ap;
|
|
||||||
va_start(ap, fmt);
|
|
||||||
vsnprintf(buf, BUFSIZ, fmt, ap);
|
|
||||||
va_end(ap);
|
|
||||||
ocall_print_string(buf);
|
|
||||||
}
|
|
||||||
|
|
||||||
void printf_helloworld()
|
|
||||||
{
|
|
||||||
printf("Hello World\n");
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,50 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef _ENCLAVE_H_
|
|
||||||
#define _ENCLAVE_H_
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <assert.h>
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void printf(const char *fmt, ...);
|
|
||||||
void printf_helloworld();
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* !_ENCLAVE_H_ */
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
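Review bot: Deleting this PEM-encoded RSA private key from the tree does not remove it from the repository history, so anyone who can read earlier commits can still recover it. Treat the key as disclosed: generate a replacement, keep the new one outside the repository, and stop trusting anything signed with the old one. If this is the enclave/enclave_private.pem that the Makefile on this page passes to sgx_sign, that includes every enclave signed with it.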
@ -1,55 +0,0 @@
|
||||||
# Prerequisites
|
|
||||||
*.d
|
|
||||||
|
|
||||||
# Object files
|
|
||||||
*.o
|
|
||||||
*.ko
|
|
||||||
*.obj
|
|
||||||
*.elf
|
|
||||||
|
|
||||||
# Linker output
|
|
||||||
*.ilk
|
|
||||||
*.map
|
|
||||||
*.exp
|
|
||||||
|
|
||||||
# Precompiled Headers
|
|
||||||
*.gch
|
|
||||||
*.pch
|
|
||||||
|
|
||||||
# Libraries
|
|
||||||
*.lib
|
|
||||||
*.a
|
|
||||||
*.la
|
|
||||||
*.lo
|
|
||||||
|
|
||||||
# Shared objects (inc. Windows DLLs)
|
|
||||||
*.dll
|
|
||||||
*.so
|
|
||||||
*.so.*
|
|
||||||
*.dylib
|
|
||||||
|
|
||||||
# Executables
|
|
||||||
*.exe
|
|
||||||
*.out
|
|
||||||
*.app
|
|
||||||
*.i*86
|
|
||||||
*.x86_64
|
|
||||||
*.hex
|
|
||||||
|
|
||||||
# Debug files
|
|
||||||
*.dSYM/
|
|
||||||
*.su
|
|
||||||
*.idb
|
|
||||||
*.pdb
|
|
||||||
|
|
||||||
# Kernel Module Compile Results
|
|
||||||
*.mod*
|
|
||||||
*.cmd
|
|
||||||
.tmp_versions/
|
|
||||||
modules.order
|
|
||||||
Module.symvers
|
|
||||||
Mkfile.old
|
|
||||||
dkms.conf
|
|
||||||
|
|
||||||
# Apple .DS_Store files
|
|
||||||
.DS_Store
|
|
|
@ -1,209 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
|
|
||||||
#
|
|
||||||
# Redistribution and use in source and binary forms, with or without
|
|
||||||
# modification, are permitted provided that the following conditions
|
|
||||||
# are met:
|
|
||||||
#
|
|
||||||
# * Redistributions of source code must retain the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer.
|
|
||||||
# * Redistributions in binary form must reproduce the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer in
|
|
||||||
# the documentation and/or other materials provided with the
|
|
||||||
# distribution.
|
|
||||||
# * Neither the name of Intel Corporation nor the names of its
|
|
||||||
# contributors may be used to endorse or promote products derived
|
|
||||||
# from this software without specific prior written permission.
|
|
||||||
#
|
|
||||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
######## SGX SDK Settings ########
|
|
||||||
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= SIM
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Files := app/app.cpp app/utils.cpp
|
|
||||||
App_Include_Paths := -Iapp -I$(SGX_SDK)/include -Iinclude -Itest
|
|
||||||
|
|
||||||
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Flags := $(App_C_Flags) -std=c++11
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
App_Name := sgx-wallet
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files := enclave/enclave.cpp enclave/sealing/sealing.cpp
|
|
||||||
Enclave_Include_Paths := -Ienclave -Iinclude -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport
|
|
||||||
|
|
||||||
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
|
|
||||||
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++
|
|
||||||
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0
|
|
||||||
# -Wl,--version-script=Enclave/Enclave.lds
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name := enclave.so
|
|
||||||
Signed_Enclave_Name := enclave.signed.so
|
|
||||||
Enclave_Config_File := enclave/enclave.config.xml
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifneq ($(SGX_DEBUG), 1)
|
|
||||||
ifneq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
.PHONY: all run
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: $(App_Name) $(Enclave_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclave use the command:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
|
|
||||||
@echo "You can also sign the enclave using an external signing tool. See User's Guide for more details."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: $(App_Name) $(Signed_Enclave_Name)
|
|
||||||
endif
|
|
||||||
|
|
||||||
run: all
|
|
||||||
ifneq ($(Build_Mode), HW_RELEASE)
|
|
||||||
@$(CURDIR)/$(App_Name)
|
|
||||||
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
|
|
||||||
app/enclave_u.c: $(SGX_EDGER8R) enclave/enclave.edl
|
|
||||||
@cd app && $(SGX_EDGER8R) --untrusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
app/enclave_u.o: app/enclave_u.c
|
|
||||||
@$(CC) $(App_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
app/%.o: app/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): app/enclave_u.o $(App_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
enclave/enclave_t.c: $(SGX_EDGER8R) enclave/enclave.edl
|
|
||||||
@cd enclave && $(SGX_EDGER8R) --trusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
enclave/enclave_t.o: enclave/enclave_t.c
|
|
||||||
@$(CC) $(Enclave_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
enclave/%.o: enclave/%.cpp
|
|
||||||
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(Enclave_Name): enclave/enclave_t.o $(Enclave_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Signed_Enclave_Name): $(Enclave_Name)
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key enclave/enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) app/enclave_u.* $(Enclave_Cpp_Objects) enclave/enclave_t.*
|
|
|
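Review bot: The $(Signed_Enclave_Name) rule hard-codes -key enclave/enclave_private.pem, a path inside the source tree, which is what leads to the signing key being committed next to the code. Take the key path from a variable that is set outside the repository, as the HW_RELEASE branch of the all target already expects with its "<your key>" hint. Also worth a comment in the settings block: SGX_MODE ?= SIM means a plain make links the _sim libraries, so the default build runs without hardware protection.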
@ -1,225 +0,0 @@
|
||||||
#include "enclave_u.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
|
|
||||||
#include <cstring>
|
|
||||||
#include <fstream>
|
|
||||||
#include <getopt.h>
|
|
||||||
|
|
||||||
#include "app.h"
|
|
||||||
#include "utils.h"
|
|
||||||
#include "wallet.h"
|
|
||||||
#include "enclave.h"
|
|
||||||
|
|
||||||
using namespace std;
|
|
||||||
|
|
||||||
|
|
||||||
// OCALLs implementation
|
|
||||||
int ocall_save_wallet(const uint8_t* sealed_data, const size_t sealed_size) {
|
|
||||||
ofstream file(WALLET_FILE, ios::out | ios::binary);
|
|
||||||
if (file.fail()) {return 1;}
|
|
||||||
file.write((const char*) sealed_data, sealed_size);
|
|
||||||
file.close();
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int ocall_load_wallet(uint8_t* sealed_data, const size_t sealed_size) {
|
|
||||||
ifstream file(WALLET_FILE, ios::in | ios::binary);
|
|
||||||
if (file.fail()) {return 1;}
|
|
||||||
file.read((char*) sealed_data, sealed_size);
|
|
||||||
file.close();
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int ocall_is_wallet(void) {
|
|
||||||
ifstream file(WALLET_FILE, ios::in | ios::binary);
|
|
||||||
if (file.fail()) {return 0;} // failure means no wallet found
|
|
||||||
file.close();
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
int main(int argc, char** argv) {
|
|
||||||
|
|
||||||
sgx_enclave_id_t eid = 0;
|
|
||||||
sgx_launch_token_t token = {0};
|
|
||||||
int updated, ret;
|
|
||||||
sgx_status_t ecall_status, enclave_status;
|
|
||||||
|
|
||||||
enclave_status = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
|
|
||||||
if(enclave_status != SGX_SUCCESS) {
|
|
||||||
error_print("Fail to initialize enclave.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
info_print("Enclave successfully initilised.");
|
|
||||||
|
|
||||||
const char* options = "hvn:p:c:sax:y:z:r:";
|
|
||||||
opterr=0; // prevent 'getopt' from printing err messages
|
|
||||||
char err_message[100];
|
|
||||||
int opt, stop=0;
|
|
||||||
int h_flag=0, v_flag=0, s_flag=0, a_flag=0;
|
|
||||||
char * n_value=NULL, *p_value=NULL, *c_value=NULL, *x_value=NULL, *y_value=NULL, *z_value=NULL, *r_value=NULL;
|
|
||||||
|
|
||||||
// read user input
|
|
||||||
while ((opt = getopt(argc, argv, options)) != -1) {
|
|
||||||
switch (opt) {
|
|
||||||
// help
|
|
||||||
case 'h':
|
|
||||||
h_flag = 1;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// create new wallet
|
|
||||||
case 'n':
|
|
||||||
n_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// master-password
|
|
||||||
case 'p':
|
|
||||||
p_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// change master-password
|
|
||||||
case 'c':
|
|
||||||
c_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// show wallet
|
|
||||||
case 's':
|
|
||||||
s_flag = 1;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// add item
|
|
||||||
case 'a': // add item flag
|
|
||||||
a_flag = 1;
|
|
||||||
break;
|
|
||||||
case 'x': // item's title
|
|
||||||
x_value = optarg;
|
|
||||||
break;
|
|
||||||
case 'y': // item's username
|
|
||||||
y_value = optarg;
|
|
||||||
break;
|
|
||||||
case 'z': // item's password
|
|
||||||
z_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// remove item
|
|
||||||
case 'r':
|
|
||||||
r_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// exceptions
|
|
||||||
case '?':
|
|
||||||
if (optopt == 'n' || optopt == 'p' || optopt == 'c' || optopt == 'r' ||
|
|
||||||
optopt == 'x' || optopt == 'y' || optopt == 'z'
|
|
||||||
) {
|
|
||||||
sprintf(err_message, "Option -%c requires an argument.", optopt);
|
|
||||||
}
|
|
||||||
else if (isprint(optopt)) {
|
|
||||||
sprintf(err_message, "Unknown option `-%c'.", optopt);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
sprintf(err_message, "Unknown option character `\\x%x'.",optopt);
|
|
||||||
}
|
|
||||||
stop = 1;
|
|
||||||
error_print(err_message);
|
|
||||||
error_print("Program exiting.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
error_print("Unknown option.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// perform actions
|
|
||||||
if (stop != 1) {
|
|
||||||
// show help
|
|
||||||
if (h_flag) {
|
|
||||||
show_help();
|
|
||||||
}
|
|
||||||
|
|
||||||
// create new wallet
|
|
||||||
else if(n_value!=NULL) {
|
|
||||||
ecall_status = ecall_create_wallet(eid, &ret, n_value);
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to create new wallet.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Wallet successfully created.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// change master-password
|
|
||||||
else if (p_value!=NULL && c_value!=NULL) {
|
|
||||||
ecall_status = ecall_change_master_password(eid, &ret, p_value, c_value);
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail change master-password.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Master-password successfully changed.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// show wallet
|
|
||||||
else if(p_value!=NULL && s_flag) {
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t));
|
|
||||||
ecall_status = ecall_show_wallet(eid, &ret, p_value, wallet, sizeof(wallet_t));
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to retrieve wallet.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Wallet successfully retrieved.");
|
|
||||||
print_wallet(wallet);
|
|
||||||
}
|
|
||||||
free(wallet);
|
|
||||||
}
|
|
||||||
|
|
||||||
// add item
|
|
||||||
else if (p_value!=NULL && a_flag && x_value!=NULL && y_value!=NULL && z_value!=NULL) {
|
|
||||||
item_t* new_item = (item_t*)malloc(sizeof(item_t));
|
|
||||||
strcpy(new_item->title, x_value);
|
|
||||||
strcpy(new_item->username, y_value);
|
|
||||||
strcpy(new_item->password, z_value);
|
|
||||||
ecall_status = ecall_add_item(eid, &ret, p_value, new_item, sizeof(item_t));
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to add new item to wallet.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Item successfully added to the wallet.");
|
|
||||||
}
|
|
||||||
free(new_item);
|
|
||||||
}
|
|
||||||
|
|
||||||
// remove item
|
|
||||||
else if (p_value!=NULL && r_value!=NULL) {
|
|
||||||
char* p_end;
|
|
||||||
int index = (int)strtol(r_value, &p_end, 10);
|
|
||||||
if (r_value == p_end) {
|
|
||||||
error_print("Option -r requires an integer argument.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
ecall_status = ecall_remove_item(eid, &ret, p_value, index);
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to remove item.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Item successfully removed from the wallet.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// display help
|
|
||||||
else {
|
|
||||||
error_print("Wrong inputs.");
|
|
||||||
show_help();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// destroy enclave
|
|
||||||
enclave_status = sgx_destroy_enclave(eid);
|
|
||||||
if(enclave_status != SGX_SUCCESS) {
|
|
||||||
error_print("Fail to destroy enclave.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
info_print("Enclave successfully destroyed.");
|
|
||||||
|
|
||||||
info_print("Program exit success.");
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
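Review bot: In the "add item" branch, the three strcpy calls copy x_value, y_value and z_value straight from the command line into the fields of a sizeof(item_t) allocation with no length check, so an over-long argument overflows the heap buffer in the untrusted app before ecall_add_item ever gets to validate it. Check each strlen against the destination field size and reject oversize input before copying, and check the malloc results here and in the "show wallet" branch. Separately, taking the master password and item password through -p, -c and -z exposes them in the process list and shell history; reading them from a prompt or stdin avoids that.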
@ -1,13 +0,0 @@
|
||||||
#ifndef APP_H_
|
|
||||||
#define APP_H_
|
|
||||||
|
|
||||||
|
|
||||||
/***************************************************
|
|
||||||
* config.
|
|
||||||
***************************************************/
|
|
||||||
#define APP_NAME "sgx-wallet"
|
|
||||||
#define ENCLAVE_FILE "enclave.signed.so"
|
|
||||||
#define WALLET_FILE "wallet.seal"
|
|
||||||
|
|
||||||
|
|
||||||
#endif // APP_H_
|
|
|
@ -1,101 +0,0 @@
|
||||||
#include <stdio.h>
|
|
||||||
#include <cstring>
|
|
||||||
|
|
||||||
#include "utils.h"
|
|
||||||
#include "app.h"
|
|
||||||
#include "wallet.h"
|
|
||||||
#include "enclave.h"
|
|
||||||
|
|
||||||
void info_print(const char* str) {
|
|
||||||
printf("[INFO] %s\n", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
void warning_print(const char* str) {
|
|
||||||
printf("[WARNING] %s\n", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
void error_print(const char* str) {
|
|
||||||
printf("[ERROR] %s\n", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
void print_wallet(const wallet_t* wallet) {
|
|
||||||
printf("\n-----------------------------------------\n\n");
|
|
||||||
printf("Simple password wallet based on Intel SGX.\n\n");
|
|
||||||
printf("Number of items: %lu\n\n", wallet->size);
|
|
||||||
for (int i = 0; i < wallet->size; ++i) {
|
|
||||||
printf("#%d -- %s\n", i, wallet->items[i].title);
|
|
||||||
printf("[username:] %s\n", wallet->items[i].username);
|
|
||||||
printf("[password:] %s\n", wallet->items[i].password);
|
|
||||||
printf("\n");
|
|
||||||
}
|
|
||||||
printf("\n------------------------------------------\n\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
int is_error(int error_code) {
|
|
||||||
char err_message[100];
|
|
||||||
|
|
||||||
// check error case
|
|
||||||
switch(error_code) {
|
|
||||||
case RET_SUCCESS:
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
case ERR_PASSWORD_OUT_OF_RANGE:
|
|
||||||
sprintf(err_message, "Password should be at least 8 characters long and at most %d.", MAX_ITEM_SIZE);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_WALLET_ALREADY_EXISTS:
|
|
||||||
sprintf(err_message, "Wallet already exists: delete file '%s' first.", WALLET_FILE);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_CANNOT_SAVE_WALLET:
|
|
||||||
strcpy(err_message, "Coud not save wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_CANNOT_LOAD_WALLET:
|
|
||||||
strcpy(err_message, "Coud not load wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_WRONG_MASTER_PASSWORD:
|
|
||||||
strcpy(err_message, "Wrong master password.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_WALLET_FULL:
|
|
||||||
sprintf(err_message, "Wallet full (maximum number of item: %d).", MAX_ITEMS);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_ITEM_DOES_NOT_EXIST:
|
|
||||||
strcpy(err_message, "Item does not exist.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_ITEM_TOO_LONG:
|
|
||||||
sprintf(err_message, "Item too longth (maximum size: %d).", MAX_ITEM_SIZE);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_FAIL_SEAL:
|
|
||||||
sprintf(err_message, "Fail to seal wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_FAIL_UNSEAL:
|
|
||||||
sprintf(err_message, "Fail to unseal wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
sprintf(err_message, "Unknown error.");
|
|
||||||
}
|
|
||||||
|
|
||||||
// print error message
|
|
||||||
error_print(err_message);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
void show_help() {
|
|
||||||
const char* command = "[-h Show this screen] [-v Show version] [-s Show wallet] " \
|
|
||||||
"[-n master-password] [-p master-password -c new-master-password]" \
|
|
||||||
"[-p master-password -a -x items_title -y items_username -z toitems_password]" \
|
|
||||||
"[-p master-password -r items_index]";
|
|
||||||
printf("\nusage: %s %s\n\n", APP_NAME, command);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
#ifndef UTIL_H_
|
|
||||||
#define UTIL_H_
|
|
||||||
|
|
||||||
#include "wallet.h"
|
|
||||||
|
|
||||||
void info_print(const char* str);
|
|
||||||
|
|
||||||
void warning_print(const char* str);
|
|
||||||
|
|
||||||
void error_print(const char* str);
|
|
||||||
|
|
||||||
void print_wallet(const wallet_t* wallet);
|
|
||||||
|
|
||||||
int is_error(int error_code);
|
|
||||||
|
|
||||||
void show_help();
|
|
||||||
|
|
||||||
void show_version();
|
|
||||||
|
|
||||||
|
|
||||||
#endif // UTIL_H_
|
|
|
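Review bot: show_version() is declared here, but the utils.cpp shown on this page defines no such function, and the getopt switch in app.cpp has no case 'v' even though the option string "hvn:p:c:sax:y:z:r:" and the help text both list -v, so -v ends up in the default branch as "Unknown option.". Either implement the function and the case, or drop the declaration, the v in the option string and the "[-v Show version]" help entry.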
@ -1,12 +0,0 @@
|
||||||
<!-- Please refer to User's Guide for the explanation of each field -->
|
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>10</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
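Review bot: <DisableDebug>0</DisableDebug> leaves the enclave launchable in debug mode, where a debugger can read enclave memory, so the unsealed wallet and master password are not protected from the host in that configuration. Keep 0 only for development builds and set DisableDebug to 1 in the configuration used for any release signing; a short comment next to the field saying so would help, since the only documentation here is the pointer to the User's Guide.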
@ -1,403 +0,0 @@
|
||||||
#include "enclave_t.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
#include "enclave.h"
|
|
||||||
#include "wallet.h"
|
|
||||||
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
#include "sealing/sealing.h"
|
|
||||||
|
|
||||||
int ecall_create_wallet(const char* master_password) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. check password policy
|
|
||||||
// 2. [ocall] abort if wallet already exist
|
|
||||||
// 3. create wallet
|
|
||||||
// 4. seal wallet
|
|
||||||
// 5. [ocall] save wallet
|
|
||||||
// 6. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
// 1. check passaword policy
|
|
||||||
if (strlen(master_password) < 8 || strlen(master_password)+1 > MAX_ITEM_SIZE) {
|
|
||||||
return ERR_PASSWORD_OUT_OF_RANGE;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. abort if wallet already exist
|
|
||||||
ocall_status = ocall_is_wallet(&ocall_ret);
|
|
||||||
if (ocall_ret != 0) {
|
|
||||||
return ERR_WALLET_ALREADY_EXISTS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. create new wallet
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t));
|
|
||||||
wallet->size = 0;
|
|
||||||
strncpy(wallet->master_password, master_password, strlen(master_password)+1);
|
|
||||||
|
|
||||||
|
|
||||||
// 4. seal wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 6. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Provides the wallet content. The sizes/length of
|
|
||||||
* pointers need to be specified, otherwise SGX will
|
|
||||||
* assume a count of 1 for all pointers.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_show_wallet(const char* master_password, wallet_t* wallet, size_t wallet_size) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. [ocall] load wallet
|
|
||||||
// 2. unseal wallet
|
|
||||||
// 3. verify master-password
|
|
||||||
// 4. return wallet to app
|
|
||||||
// 5. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 1. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. unseal loaded wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* unsealed_wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, unsealed_wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(unsealed_wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. verify master-password
|
|
||||||
if (strcmp(unsealed_wallet->master_password, master_password) != 0) {
|
|
||||||
free(unsealed_wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. return wallet to app
|
|
||||||
(* wallet) = *unsealed_wallet;
|
|
||||||
free(unsealed_wallet);
|
|
||||||
|
|
||||||
|
|
||||||
// 5. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Changes the wallet's master-password.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_change_master_password(const char* old_password, const char* new_password) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. check password policy
|
|
||||||
// 2. [ocall] load wallet
|
|
||||||
// 3. unseal wallet
|
|
||||||
// 4. verify old password
|
|
||||||
// 5. update password
|
|
||||||
// 6. seal wallet
|
|
||||||
// 7. [ocall] save sealed wallet
|
|
||||||
// 8. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 1. check passaword policy
|
|
||||||
if (strlen(new_password) < 8 || strlen(new_password)+1 > MAX_ITEM_SIZE) {
|
|
||||||
return ERR_PASSWORD_OUT_OF_RANGE;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. unseal wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. verify master-password
|
|
||||||
if (strcmp(wallet->master_password, old_password) != 0) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. update password
|
|
||||||
strncpy(wallet->master_password, new_password, strlen(new_password)+1);
|
|
||||||
|
|
||||||
|
|
||||||
// 6. seal wallet
|
|
||||||
sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 7. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 6. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Adds an item to the wallet. The sizes/length of
|
|
||||||
* pointers need to be specified, otherwise SGX will
|
|
||||||
* assume a count of 1 for all pointers.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_add_item(const char* master_password, const item_t* item, const size_t item_size) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. [ocall] load wallet
|
|
||||||
// 2. unseal wallet
|
|
||||||
// 3. verify master-password
|
|
||||||
// 4. check input length
|
|
||||||
// 5. add item to the wallet
|
|
||||||
// 6. seal wallet
|
|
||||||
// 7. [ocall] save sealed wallet
|
|
||||||
// 8. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 2. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. unseal wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. verify master-password
|
|
||||||
if (strcmp(wallet->master_password, master_password) != 0) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. check input length
|
|
||||||
if (strlen(item->title)+1 > MAX_ITEM_SIZE ||
|
|
||||||
strlen(item->username)+1 > MAX_ITEM_SIZE ||
|
|
||||||
strlen(item->password)+1 > MAX_ITEM_SIZE
|
|
||||||
) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_ITEM_TOO_LONG;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. add item to the wallet
|
|
||||||
size_t wallet_size = wallet->size;
|
|
||||||
if (wallet_size >= MAX_ITEMS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WALLET_FULL;
|
|
||||||
}
|
|
||||||
wallet->items[wallet_size] = *item;
|
|
||||||
++wallet->size;
|
|
||||||
|
|
||||||
|
|
||||||
// 6. seal wallet
|
|
||||||
sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 7. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 8. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Removes an item from the wallet. The sizes/length of
|
|
||||||
* pointers need to be specified, otherwise SGX will
|
|
||||||
* assume a count of 1 for all pointers.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_remove_item(const char* master_password, const int index) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. check index bounds
|
|
||||||
// 2. [ocall] load wallet
|
|
||||||
// 3. unseal wallet
|
|
||||||
// 4. verify master-password
|
|
||||||
// 5. remove item from the wallet
|
|
||||||
// 6. seal wallet
|
|
||||||
// 7. [ocall] save sealed wallet
|
|
||||||
// 8. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 1. check index bounds
|
|
||||||
if (index < 0 || index >= MAX_ITEMS) {
|
|
||||||
return ERR_ITEM_DOES_NOT_EXIST;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. unseal wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. verify master-password
|
|
||||||
if (strcmp(wallet->master_password, master_password) != 0) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. remove item from the wallet
|
|
||||||
size_t wallet_size = wallet->size;
|
|
||||||
if (index >= wallet_size) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_ITEM_DOES_NOT_EXIST;
|
|
||||||
}
|
|
||||||
for (int i = index; i < wallet_size-1; ++i) {
|
|
||||||
wallet->items[i] = wallet->items[i+1];
|
|
||||||
}
|
|
||||||
--wallet->size;
|
|
||||||
|
|
||||||
|
|
||||||
// 6. seal wallet
|
|
||||||
sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 7. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 8. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
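Review bot: the seal-failure path in `ecall_change_master_password` and `ecall_add_item` frees `wallet` twice: `free(wallet);` runs unconditionally right after `seal_wallet(...)`, and again inside `if (sealing_status != SGX_SUCCESS)`. `ecall_remove_item` already gets this right by freeing only `sealed_data` in that branch, so drop the second `free(wallet);` in the other two. While touching these paths, clear the plaintext wallet (for example with `memset_s`) before freeing it, and compare the master password with a constant-time routine instead of `strcmp`. The step comments are also out of sync with the overview in places (`// 6. exit enclave` after step 7, `// 2. load wallet` as the first step of `ecall_add_item`).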
@ -1,53 +0,0 @@
|
||||||
enclave {
|
|
||||||
|
|
||||||
// includes
|
|
||||||
include "wallet.h"
|
|
||||||
|
|
||||||
|
|
||||||
// define ECALLs
|
|
||||||
trusted {
|
|
||||||
|
|
||||||
public int ecall_create_wallet(
|
|
||||||
[in, string]const char* master_password
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_show_wallet(
|
|
||||||
[in, string]const char* master_password,
|
|
||||||
[out, size=wallet_size] wallet_t* wallet,
|
|
||||||
size_t wallet_size
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_change_master_password(
|
|
||||||
[in, string]const char* old_password,
|
|
||||||
[in, string]const char* new_password
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_add_item(
|
|
||||||
[in, string]const char* master_password,
|
|
||||||
[in, size=item_size]const item_t* item,
|
|
||||||
size_t item_size
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_remove_item(
|
|
||||||
[in, string]const char* master_password,
|
|
||||||
int index
|
|
||||||
);
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
// define OCALLs
|
|
||||||
untrusted {
|
|
||||||
|
|
||||||
int ocall_save_wallet(
|
|
||||||
[in, size=sealed_size]const uint8_t* sealed_data,
|
|
||||||
size_t sealed_size
|
|
||||||
);
|
|
||||||
|
|
||||||
int ocall_load_wallet(
|
|
||||||
[out, size=sealed_size]uint8_t* sealed_data,
|
|
||||||
size_t sealed_size
|
|
||||||
);
|
|
||||||
|
|
||||||
int ocall_is_wallet(void);
|
|
||||||
};
|
|
||||||
};
|
|
|
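Review bot: `ecall_add_item` declares `[in, size=item_size]const item_t* item` with a caller-chosen `item_size`, and the ecall body never compares `item_size` with `sizeof(item_t)` before calling `strlen` on the fields and copying `*item`, so a short buffer is read past its end inside the enclave. Either drop the size attribute so the generated bridge copies exactly one `item_t`, or reject `item_size != sizeof(item_t)` at the top of the ecall, and use `strnlen(..., MAX_ITEM_SIZE)` since the fields are not guaranteed to be NUL-terminated. `wallet_size` on `ecall_show_wallet` deserves the same check.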
@ -1,15 +0,0 @@
|
||||||
#include "enclave_t.h"
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#include "wallet.h"
|
|
||||||
#include "sealing.h"
|
|
||||||
|
|
||||||
sgx_status_t seal_wallet(const wallet_t* wallet, sgx_sealed_data_t* sealed_data, size_t sealed_size) {
|
|
||||||
return sgx_seal_data(0, NULL, sizeof(wallet_t), (uint8_t*)wallet, sealed_size, sealed_data);
|
|
||||||
}
|
|
||||||
|
|
||||||
sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size) {
|
|
||||||
return sgx_unseal_data(sealed_data, NULL, NULL, (uint8_t*)plaintext, &plaintext_size);
|
|
||||||
}
|
|
||||||
|
|
|
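Review bot: `unseal_wallet` takes `plaintext_size` by value and passes `&plaintext_size` to `sgx_unseal_data`, so the length actually written is discarded and the caller cannot tell whether a full `wallet_t` was produced. Check `sgx_get_encrypt_txt_len(sealed_data) == sizeof(wallet_t)` before unsealing, or verify `plaintext_size == sizeof(wallet_t)` after the call and return an error otherwise. The blob comes back from `ocall_load_wallet`, which is untrusted, so its header fields should be validated before use.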
@ -1,16 +0,0 @@
|
||||||
#ifndef SEALING_H_
|
|
||||||
#define SEALING_H_
|
|
||||||
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#include "wallet.h"
|
|
||||||
|
|
||||||
sgx_status_t seal_wallet(const wallet_t* plaintext, sgx_sealed_data_t* sealed_data, size_t sealed_size);
|
|
||||||
|
|
||||||
sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size);
|
|
||||||
|
|
||||||
|
|
||||||
#endif // SEALING_H_
|
|
||||||
|
|
||||||
|
|
|
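Review bot: the two prototypes mix `size_t sealed_size` and `uint32_t plaintext_size`, while `sgx_seal_data` takes a `uint32_t` sealed size, so `seal_wallet` narrows silently. Use `uint32_t` for both, and add a short comment stating the required buffer sizes. The first parameter of `seal_wallet` is named `plaintext` here but `wallet` in the definition; pick one.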
@ -1,21 +0,0 @@
|
||||||
#ifndef ENCLAVE_H_
|
|
||||||
#define ENCLAVE_H_
|
|
||||||
|
|
||||||
|
|
||||||
/***************************************************
|
|
||||||
* Enclave return codes
|
|
||||||
***************************************************/
|
|
||||||
#define RET_SUCCESS 0
|
|
||||||
#define ERR_PASSWORD_OUT_OF_RANGE 1
|
|
||||||
#define ERR_WALLET_ALREADY_EXISTS 2
|
|
||||||
#define ERR_CANNOT_SAVE_WALLET 3
|
|
||||||
#define ERR_CANNOT_LOAD_WALLET 4
|
|
||||||
#define ERR_WRONG_MASTER_PASSWORD 5
|
|
||||||
#define ERR_WALLET_FULL 6
|
|
||||||
#define ERR_ITEM_DOES_NOT_EXIST 7
|
|
||||||
#define ERR_ITEM_TOO_LONG 8
|
|
||||||
#define ERR_FAIL_SEAL 9
|
|
||||||
#define ERR_FAIL_UNSEAL 10
|
|
||||||
|
|
||||||
|
|
||||||
#endif // ENCLAVE_H_
|
|
|
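Review bot: there is no return code for allocation failure, and the ecalls use the result of `malloc(sealed_size)` and `malloc(plaintext_size)` without a NULL check. Add something like an out-of-memory code here and return it from those paths. An `enum` would also be easier to keep unique than a list of `#define`s.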
@ -1,25 +0,0 @@
|
||||||
#ifndef WALLET_H_
|
|
||||||
#define WALLET_H_
|
|
||||||
|
|
||||||
#define MAX_ITEMS 100
|
|
||||||
#define MAX_ITEM_SIZE 100
|
|
||||||
|
|
||||||
// item
|
|
||||||
struct Item {
|
|
||||||
char title[MAX_ITEM_SIZE];
|
|
||||||
char username[MAX_ITEM_SIZE];
|
|
||||||
char password[MAX_ITEM_SIZE];
|
|
||||||
};
|
|
||||||
typedef struct Item item_t;
|
|
||||||
|
|
||||||
// wallet
|
|
||||||
struct Wallet {
|
|
||||||
item_t items[MAX_ITEMS];
|
|
||||||
size_t size;
|
|
||||||
char master_password[MAX_ITEM_SIZE];
|
|
||||||
};
|
|
||||||
typedef struct Wallet wallet_t;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#endif // WALLET_H_
|
|
|
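Review bot: `size_t size;` in `struct Wallet` is used without including `<stddef.h>`, and this header is pulled into the EDL as well as the enclave sources, so it should be self-contained. Because `seal_wallet` seals the struct byte for byte (`sizeof(wallet_t)`, `(uint8_t*)wallet`), a fixed-width type such as `uint32_t` would also keep the sealed layout stable across builds.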
@ -1,216 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.settings">
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug" parent="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.935873960" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.2132595457" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1678491512" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.229166714" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.81269967" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1694375039" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.742388855" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation" parent="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Release.428839196" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Release.709775329" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1866379479" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1000705250" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.301453474" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1312096753" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.596141238" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug" parent="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Debug.562917509" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Debug.2046051538" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.999277922" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.577701014" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.1898704176" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1026657138" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.393162412" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease" parent="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.2074448686" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.2016152654" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Prerelease">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1520324017" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.293910513" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.845441552" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.199398937" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.1555926498" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Release">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release" parent="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Release.1347223665" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Release.1050674831" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.987781695" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.484951388" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.945246695" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.119487102" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.593431891" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<project id="LocalAttestation.cdt.managedbuild.target.gnu.exe.872917958" name="Executable" projectType="cdt.managedbuild.target.gnu.exe"/>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
|
|
||||||
<storageModule moduleId="refreshScope" versionNumber="2">
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Release">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="scannerConfiguration">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1347223665;com.intel.sgx.compiler.945246695;com.intel.sgx.inputType.593431891">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.935873960;com.intel.sgx.compiler.81269967;com.intel.sgx.inputType.742388855">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.428839196;com.intel.sgx.compiler.301453474;com.intel.sgx.inputType.596141238">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1609650460;cdt.managedbuild.config.gnu.exe.debug.1609650460.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1644119147;cdt.managedbuild.tool.gnu.c.compiler.input.938348551">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1394873887;cdt.managedbuild.config.gnu.exe.release.1394873887.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2035356548;cdt.managedbuild.tool.gnu.c.compiler.input.793813290">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.562917509;com.intel.sgx.compiler.1898704176;com.intel.sgx.inputType.393162412">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.2074448686;com.intel.sgx.compiler.845441552;com.intel.sgx.inputType.1555926498">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
|
|
||||||
</cproject>
|
|
|
@ -1,28 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<projectDescription>
|
|
||||||
<name>LocalAttestation</name>
|
|
||||||
<comment></comment>
|
|
||||||
<projects>
|
|
||||||
</projects>
|
|
||||||
<buildSpec>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
|
|
||||||
<triggers>clean,full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
|
|
||||||
<triggers>full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
</buildSpec>
|
|
||||||
<natures>
|
|
||||||
<nature>org.eclipse.cdt.core.cnature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.core.ccnature</nature>
|
|
||||||
<nature>com.intel.sgx.sgxnature</nature>
|
|
||||||
</natures>
|
|
||||||
</projectDescription>
|
|
|
@ -1,73 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<project>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
</project>
|
|
|
@ -1,150 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// App.cpp : Defines the entry point for the console application.
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <map>
|
|
||||||
#include "../Enclave1/Enclave1_u.h"
|
|
||||||
#include "../Enclave2/Enclave2_u.h"
|
|
||||||
#include "../Enclave3/Enclave3_u.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#define __STDC_FORMAT_MACROS
|
|
||||||
#include <inttypes.h>
|
|
||||||
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
#define TCHAR char
|
|
||||||
#define _TCHAR char
|
|
||||||
#define _T(str) str
|
|
||||||
#define scanf_s scanf
|
|
||||||
#define _tmain main
|
|
||||||
|
|
||||||
extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
|
|
||||||
|
|
||||||
sgx_enclave_id_t e1_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e2_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e3_enclave_id = 0;
|
|
||||||
|
|
||||||
#define ENCLAVE1_PATH "libenclave1.so"
|
|
||||||
#define ENCLAVE2_PATH "libenclave2.so"
|
|
||||||
#define ENCLAVE3_PATH "libenclave3.so"
|
|
||||||
|
|
||||||
void waitForKeyPress()
|
|
||||||
{
|
|
||||||
char ch;
|
|
||||||
int temp;
|
|
||||||
printf("\n\nHit a key....\n");
|
|
||||||
temp = scanf_s("%c", &ch);
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t load_enclaves()
|
|
||||||
{
|
|
||||||
uint32_t enclave_temp_no;
|
|
||||||
int ret, launch_token_updated;
|
|
||||||
sgx_launch_token_t launch_token;
|
|
||||||
|
|
||||||
enclave_temp_no = 0;
|
|
||||||
|
|
||||||
ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
|
|
||||||
if (ret != SGX_SUCCESS) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
enclave_temp_no++;
|
|
||||||
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));
|
|
||||||
|
|
||||||
return SGX_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
int _tmain(int argc, _TCHAR* argv[])
|
|
||||||
{
|
|
||||||
uint32_t ret_status;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
UNUSED(argc);
|
|
||||||
UNUSED(argv);
|
|
||||||
|
|
||||||
if(load_enclaves() != SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("\nLoad Enclave Failure");
|
|
||||||
}
|
|
||||||
|
|
||||||
//printf("\nAvailable Enclaves");
|
|
||||||
//printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id);
|
|
||||||
|
|
||||||
// shared memory
|
|
||||||
key_t key = ftok("../..", 1);
|
|
||||||
int shmid = shmget(key, 1024, 0666|IPC_CREAT);
|
|
||||||
char *str = (char*)shmat(shmid, (void*)0, 0);
|
|
||||||
printf("[TEST IPC] Sending to Enclave2: Hello from Enclave1\n");
|
|
||||||
strncpy(str, "Hello from Enclave1\n", 20);
|
|
||||||
shmdt(str);
|
|
||||||
|
|
||||||
do
|
|
||||||
{
|
|
||||||
printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n");
|
|
||||||
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0);
|
|
||||||
status = SGX_SUCCESS;
|
|
||||||
if (status!=SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("[END] test_create_session Ecall failed: Error code is %x\n", status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if(ret_status==0)
|
|
||||||
{
|
|
||||||
printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n");
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#pragma warning (push)
|
|
||||||
#pragma warning (disable : 4127)
|
|
||||||
}while(0);
|
|
||||||
#pragma warning (pop)
|
|
||||||
|
|
||||||
sgx_destroy_enclave(e1_enclave_id);
|
|
||||||
|
|
||||||
waitForKeyPress();
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
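Review bot: In the removed `_tmain`, `status = SGX_SUCCESS;` directly after the `Enclave1_test_create_session(...)` call overwrites the ECALL's return value, so the `[END] test_create_session Ecall failed` branch can never run and `ret_status` is read even if the ECALL failed and never wrote it. If this flow is carried over into whatever replaces the file, drop that assignment and initialise `ret_status` before the call. In the same function, a failed `load_enclaves()` only prints a message and execution continues to the ECALL, and the `shmget` and `shmat` results are used unchecked. The segment is created with mode `0666`, so any local user can read or write it. `strncpy(str, "Hello from Enclave1\n", 20)` copies exactly the 20 characters of the string without a terminating NUL, and `<string.h>` is not among the includes shown.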
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
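Review bot: `<DisableDebug>0</DisableDebug>` leaves the enclave debuggable, and the comment on the line above it already recommends 1 for release. Any enclave configuration that replaces this file should set it to 1 for non-debug builds, and should pick `ProdID` and `ISVSVN` values deliberately rather than leaving both at 0, since `isv_prod_id` is one of the few fields the peer check in Enclave1.cpp compares.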
@ -1,367 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave1.cpp : Defines the exported functions for the .so application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave1_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e1_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
|
|
||||||
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t var1,var2;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
var1 = 0x4;
|
|
||||||
var2 = 0x5;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id of Enclave2 passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave 2
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatcher function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
(p_struct_var->var1)++;
|
|
||||||
(p_struct_var->var2)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar1)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar2)++;
|
|
||||||
|
|
||||||
return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
size_t len_data, len_ptr_data;
|
|
||||||
external_param_struct_t *p_struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
p_struct_var->p_internal_struct = &internal_struct_var;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e1_foo1(p_struct_var);
|
|
||||||
|
|
||||||
len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
|
|
||||||
len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
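Review bot: `verify_peer_enclave_trust` accepts any peer whose `isv_prod_id` is 0 and whose attributes have `SGX_FLAGS_INITTED` set; the `xfrm` and `mr_signer` comparisons are commented out behind a TODO, so the attested session is not pinned to a signer or a measurement. If this check survives in the replacement code, compare `mr_signer` (or the enclave measurement) against the expected value and decide explicitly whether peers with `SGX_FLAGS_DEBUG` set are acceptable. In `test_close_session`, the not-found branch does `return NULL;` from a `uint32_t` function, which the caller sees as 0, the value App.cpp treats as success; return `INVALID_SESSION` as the other test functions do. `test_create_session` fills a local `dest_session_info` and nothing in this file stores it in `g_src_session_info_map`, so the lookups in `test_enclave_to_enclave_call` and `test_message_exchange` look set to take the `INVALID_SESSION` path. In `enclave_to_enclave_call_dispatcher`, `ms->target_fn_id` is read without first checking `decrypted_data_length` against the size of `ms_in_msg_exchange_t`, and `resp_buffer` is not null-checked.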
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave1.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0
|
|
||||||
c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf
|
|
||||||
RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx
|
|
||||||
YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ
|
|
||||||
oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni
|
|
||||||
U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP
|
|
||||||
RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/
|
|
||||||
Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ
|
|
||||||
5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa
|
|
||||||
brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy
|
|
||||||
d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB
|
|
||||||
3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR
|
|
||||||
YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN
|
|
||||||
Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy
|
|
||||||
/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex
|
|
||||||
4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme
|
|
||||||
KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/
|
|
||||||
gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI
|
|
||||||
4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i
|
|
||||||
tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb
|
|
||||||
9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux
|
|
||||||
EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe
|
|
||||||
bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3
|
|
||||||
OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde
|
|
||||||
rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg
|
|
||||||
OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ
|
|
||||||
cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw
|
|
||||||
gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx
|
|
||||||
E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW
|
|
||||||
h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi
|
|
||||||
qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg
|
|
||||||
1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P
|
|
||||||
cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2
|
|
||||||
Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp
|
|
||||||
teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx
|
|
||||||
SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa
|
|
||||||
mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
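Review bot: the PEM body ending in `-----END RSA PRIVATE KEY-----` is private key material kept in a tracked file, so every reader of the repository holds it. Keep keys out of the tree (generate them at build time, or load them from a path that `.gitignore` excludes), and treat anything signed with this key as signed by a key that is no longer secret.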
@ -1,222 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
|
|
||||||
param_len = sizeof(var1)+sizeof(var2);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff,&var1,sizeof(var1));
|
|
||||||
memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2));
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len, ret_param_len;;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
size_t retval_len;
|
|
||||||
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ret_param_len = param_len + retval_len;
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), struct_data, len_data);
|
|
||||||
memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data);
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
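Review bot: `unmarshal_retval_and_output_parameters_e2_foo1` and `umarshal_message_exchange_response` take `retval_len` straight from the received message and hand it to `malloc` and `memcpy` without knowing how long `out_buff` is, so a peer that sets a large `retval_len` makes the copy read past the end of the response buffer. Pass the response length in and reject the message unless `retval_len <= ms->ret_outparam_buff_len` and the header plus `ret_outparam_buff_len` fits in that length. Also, `unmarshal_input_parameters_e1_foo1` writes through `pstruct->p_internal_struct` after checking only `pstruct` and `ms`, and `marshal_input_parameters_e2_foo1` stores through `marshalled_buff` and `marshalled_buff_len` with no NULL check; add both checks.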
@ -1,65 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E1_H__
|
|
||||||
#define UTILITY_E1_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
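Review bot: the prototypes use `size_t` and `ms_in_msg_exchange_t`, but the header includes only `stdint.h`, so it compiles only when the including file has already pulled in those definitions. Include `stddef.h` and the header that declares `ms_in_msg_exchange_t` here so `Utility_E1.h` is self-contained. The `umarshal_message_exchange_*` names also drop the `n` that the `unmarshal_*_foo1` functions have; pick one spelling.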
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
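Review bot: `<DisableDebug>0</DisableDebug>` leaves the enclave launchable in debug mode, where a debugger on the host can read and modify enclave memory; the comment on the line above already recommends 1 for release. Set it to 1 for any build that handles real secrets, and have peers reject enclaves whose attributes carry the debug flag.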
@ -1,339 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave2.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave2_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e2_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
param_struct_t *p_struct_var, struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave3
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
|
|
||||||
{
|
|
||||||
return(var1 + var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t var1,var2,ret;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
ret = e2_foo1(var1, var2);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
|
|
||||||
return MALLOC_ERROR; //can set resp buffer to null here
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
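Review bot: `verify_peer_enclave_trust` accepts any peer with `isv_prod_id == 0` and `SGX_FLAGS_INITTED` set, because the `xfrm` and `mr_signer` comparisons are commented out behind a TODO; as written the check does not tie the session to a particular signer or enclave build. Compare `peer_enclave_identity->mr_signer` (and `mr_enclave` if the peer is pinned to one build) against expected values before returning `SUCCESS`. Separately, `test_close_session` returns `NULL` from a `uint32_t` function when the session is missing, where the other `test_*` functions return `INVALID_SESSION`, and `enclave_to_enclave_call_dispatcher` reads `ms->target_fn_id` without first checking that `decrypted_data_length` covers `ms_in_msg_exchange_t`.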
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
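Review bot: both `from ... import *;` lines pull every function that `LocalAttestationCode.edl` and `sgx_tstdc.edl` declare into this enclave's interface, which makes the trusted/untrusted boundary wider than the four `test_*` ECALLs suggest. List the imported functions by name so the boundary is reviewable. The `test_*` ECALLs are `public` and take both enclave ids from the untrusted caller, so the trusted side must not treat those ids as an identity.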
@ -1,10 +0,0 @@
|
||||||
Enclave2.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
|
|
||||||
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
|
|
||||||
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
|
|
||||||
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
|
|
||||||
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
|
|
||||||
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
|
|
||||||
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
|
|
||||||
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
|
|
||||||
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
|
|
||||||
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
|
|
||||||
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
|
|
||||||
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
|
|
||||||
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
|
|
||||||
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
|
|
||||||
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
|
|
||||||
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
|
|
||||||
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
|
|
||||||
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
|
|
||||||
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
|
|
||||||
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
|
|
||||||
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
|
|
||||||
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
|
|
||||||
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
|
|
||||||
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
|
|
||||||
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
|
|
||||||
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
|
|
||||||
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
|
|
||||||
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
|
|
||||||
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
|
|
||||||
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
|
|
||||||
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
|
|
||||||
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
|
|
||||||
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
|
|
||||||
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
|
|
||||||
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
|
|
||||||
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
|
|
||||||
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
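Review bot: deleting this PEM from the working tree does not retract the key: the complete RSA private key in this hunk stays readable in every earlier commit, so it has to be treated as disclosed. Anything signed with it should be re-signed with a key generated and kept outside the repository, and the key file pattern belongs in .gitignore so that a replacement is not committed the same way.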
@ -1,213 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
param_len = sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!var1 || !var2 || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(*var1) + sizeof(*var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(var1, buff, sizeof(*var1));
|
|
||||||
memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = retval_len; //no out parameters
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
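Review bot: unmarshal_retval_and_output_parameters_e3_foo1 and umarshal_message_exchange_response take retval_len straight from the received ms_out_msg_exchange_t and use it for both malloc and memcpy, with no buffer length argument to check it against, so a length chosen by the peer drives a read past the end of out_buff. Both should receive the length of out_buff and reject a message whose retval_len (plus the two uint32_t fields in the foo1 case) exceeds ret_outparam_buff_len or the buffer size, the way unmarshal_input_parameters_e2_foo1 already compares inparam_buff_len with the expected size. The same two functions dereference retval, secret_response and p_struct_var without a NULL check, and the marshal functions write *marshalled_buff and *resp_buffer after checking only the length pointer.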
@ -1,59 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E2_H__
|
|
||||||
#define UTILITY_E2_H__
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
|
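Review bot: this header is not self-contained: the prototypes use size_t and ms_in_msg_exchange_t, but the only include is stdint.h, so it compiles only when the including file has already pulled in the right headers. Include stddef.h and the header that declares ms_in_msg_exchange_t here. The two umarshal_ names are also missing the "n" that the unmarshal_ functions beside them have.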
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
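Review bot: DisableDebug is 0, which the comment on the line above it already marks as wrong for release: an enclave launched in debug mode can have its memory read by the host through the debugger, so nothing it holds is confidential. Set it to 1 for anything beyond local development. ProdID and ISVSVN are both left at 0 as well, which gives a peer's identity check nothing to distinguish this enclave by.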
@ -1,366 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave3.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave3_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e3_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
external_param_struct_t *p_struct_var, struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
target_fn_id = 0;
|
|
||||||
internal_struct_var.ivar1 = 0x5;
|
|
||||||
internal_struct_var.ivar2 = 0x6;
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
struct_var.p_internal_struct = &internal_struct_var;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct);
|
|
||||||
size_t len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data,
|
|
||||||
len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info,
|
|
||||||
marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
////Un-marshal the return value and output parameters from foo1 of Enclave1
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the parameters into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e3_foo1(param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var->var1++;
|
|
||||||
p_struct_var->var2++;
|
|
||||||
|
|
||||||
return(p_struct_var->var1 * p_struct_var->var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
param_struct_t *p_struct_var;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e3_foo1(p_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
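Review bot: verify_peer_enclave_trust accepts any peer whose isv_prod_id is 0 and whose attributes have SGX_FLAGS_INITTED set, because the mr_signer and xfrm comparisons are commented out behind a TODO, so the attested session establishes nothing about who built the peer. Compare mr_signer (and mr_enclave if the peer is pinned) against expected values, and reject peers that have the debug attribute set. Separately, test_close_session returns NULL from a uint32_t function when no session is found, where the other two lookups return INVALID_SESSION, and it copies the dh_session_t into a local that is never used or cleared; out_buff is also handed to SAFE_FREE on the failure paths of both test functions without having been initialised.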
@ -1,42 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
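Review bot: both `from ... import *` lines in this removed EDL pull every function declared in `LocalAttestationCode.edl` and `sgx_tstdc.edl` into the enclave's interface, whether or not the enclave uses it. If this interface is carried over to another enclave in the series, import the needed functions by name so the edge surface stays limited to what is called. The four `test_*` root ECALLs also accept `src_enclave_id` and `dest_enclave_id` from the untrusted caller, so they should be treated as unauthenticated input on the trusted side.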
@ -1,10 +0,0 @@
|
||||||
Enclave3.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
|
|
||||||
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
|
|
||||||
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
|
|
||||||
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
|
|
||||||
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
|
|
||||||
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
|
|
||||||
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
|
|
||||||
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
|
|
||||||
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
|
|
||||||
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
|
|
||||||
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
|
|
||||||
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
|
|
||||||
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
|
|
||||||
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
|
|
||||||
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
|
|
||||||
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
|
|
||||||
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
|
|
||||||
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
|
|
||||||
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
|
|
||||||
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
|
|
||||||
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
|
|
||||||
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
|
|
||||||
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
|
|
||||||
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
|
|
||||||
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
|
|
||||||
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
|
|
||||||
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
|
|
||||||
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
|
|
||||||
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
|
|
||||||
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
|
|
||||||
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
|
|
||||||
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
|
|
||||||
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
|
|
||||||
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
|
|
||||||
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
|
|
||||||
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
|
|
||||||
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
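Review bot: the file removed in this hunk is an unencrypted RSA private key (`-----BEGIN RSA PRIVATE KEY-----`), and deleting it here does not take it out of the earlier commits in this compare range, where it stays readable to anyone with access to the repository. Treat the key as disclosed: if it signed an enclave that has to be trusted, generate a replacement key, keep it outside the source tree, and re-sign. Adding the key file's pattern to `.gitignore` in the same change would keep it from being committed again.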
@ -1,223 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
temp_buff = (char*)malloc(len_data + len_ptr_data);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, struct_data, len_data);
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = sizeof(retval) + sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
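Review bot: in `unmarshal_retval_and_output_parameters_e1_foo1` and `umarshal_message_exchange_response`, `retval_len` is read from `ms->retval_len` in the received buffer and then used for `malloc` and `memcpy` with no check against `ms->ret_outparam_buff_len` or against the actual length of `out_buff`, which neither function receives. The input-side functions in the same file do compare `inparam_buff_len` with the expected size before copying; the output side needs the same check, with the buffer length passed in, if this code is kept anywhere. Three smaller points in the same hunk: the marshal functions write through `marshalled_buff` / `resp_buffer` (and the unmarshal functions through `retval` / `secret_response`) without a null check, although the matching length pointer is checked; `p_struct_var->p_internal_struct` is dereferenced without a null check; and `len_data + len_ptr_data` is passed to `malloc` without an overflow check before the two `memcpy` calls rely on it.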
@ -1,73 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E3_H__
|
|
||||||
#define UTILITY_E3_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
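Review bot: this header declares prototypes that use `size_t` and `ms_in_msg_exchange_t` but includes only `stdint.h`, so it compiles only when the including file has already pulled in the definitions (the removed `Utility_E3.cpp` includes `EnclaveMessageExchange.h` first). If the header survives elsewhere, include what it uses. The `umarshal_message_exchange_request` / `umarshal_message_exchange_response` names are also inconsistent with the `unmarshal_*` functions declared beside them.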
@ -1,68 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef _DH_SESSION_PROROCOL_H
|
|
||||||
#define _DH_SESSION_PROROCOL_H
|
|
||||||
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_key.h"
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_attributes.h"
|
|
||||||
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
|
|
||||||
#define MSG_BUF_LEN sizeof(ec_pub_t)*2
|
|
||||||
#define MSG_HASH_SZ 32
|
|
||||||
|
|
||||||
|
|
||||||
//Session information structure
|
|
||||||
typedef struct _la_dh_session_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Identifies the current session
|
|
||||||
uint32_t status; //Indicates session is in progress, active or closed
|
|
||||||
union
|
|
||||||
{
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_dh_session_t dh_session;
|
|
||||||
}in_progress;
|
|
||||||
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_key_128bit_t AEK; //Session Key
|
|
||||||
uint32_t counter; //Used to store Message Sequence Number
|
|
||||||
}active;
|
|
||||||
};
|
|
||||||
} dh_session_t;
|
|
||||||
|
|
||||||
|
|
||||||
#endif
|
|
|
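Review bot: `#define MSG_BUF_LEN sizeof(ec_pub_t)*2` has no parentheses around the expansion, so any use next to a higher-precedence operator (for example `x % MSG_BUF_LEN`) evaluates differently from what the name suggests; write it as `(sizeof(ec_pub_t) * 2)`. The include guard `_DH_SESSION_PROROCOL_H` is misspelled and starts with an underscore followed by a capital letter, which is a reserved identifier form in C and C++. In `dh_session_t`, `in_progress` and `active` share storage through the union, so code that moves a session to the active state should clear the handshake state before writing `AEK`, and should not read `in_progress` afterwards.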
@ -1,726 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_utils.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tcrypto.h"
|
|
||||||
#include "LocalAttestationCode_t.h"
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define MAX_SESSION_COUNT 16
|
|
||||||
|
|
||||||
//number of open sessions
|
|
||||||
uint32_t g_session_count = 0;
|
|
||||||
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
//Array of open session ids
|
|
||||||
session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
|
|
||||||
|
|
||||||
//Map between the source enclave id and the session information associated with that particular session
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
|
|
||||||
|
|
||||||
//Create a session with the destination enclave
|
|
||||||
ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info)
|
|
||||||
{
|
|
||||||
ocall_print_string("[ECALL] create_session()\n");
|
|
||||||
sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
|
|
||||||
sgx_key_128bit_t dh_aek; // Session Key
|
|
||||||
sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
|
|
||||||
sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
|
|
||||||
uint32_t session_id;
|
|
||||||
uint32_t retstatus;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t responder_identity;
|
|
||||||
|
|
||||||
if(!session_info)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
|
|
||||||
memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
|
|
||||||
memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
|
|
||||||
memset(session_info, 0, sizeof(dh_session_t));
|
|
||||||
|
|
||||||
//Intialize the session as a session initiator
|
|
||||||
ocall_print_string("[ECALL] Initializing the session as session initiator...\n");
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Ocall to request for a session with the destination enclave and obtain session id and Message 1 if successful
|
|
||||||
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ocall_print_string("[ECALL] Processing message1 obtained from Enclave2 and generate message2\n");
|
|
||||||
status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Send Message 2 to Destination Enclave and get Message 3 in return
|
|
||||||
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Process Message 3 obtained from the destination enclave
|
|
||||||
ocall_print_string("[ECALL] Processing message3 obtained from Enclave3\n");
|
|
||||||
status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify the identity of the destination enclave
|
|
||||||
ocall_print_string("[ECALL] Verifying Encalve2(Responder)'s trust\n");
|
|
||||||
if(verify_peer_enclave_trust(&responder_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
|
|
||||||
session_info->session_id = session_id;
|
|
||||||
session_info->active.counter = 0;
|
|
||||||
session_info->status = ACTIVE;
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Handle the request from Source Enclave for a session
|
|
||||||
ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg1_t *dh_msg1,
|
|
||||||
uint32_t *session_id )
|
|
||||||
{
|
|
||||||
dh_session_t session_info;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id || !dh_msg1)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Intialize the session as a session responder
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//get a new SessionID
|
|
||||||
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
|
|
||||||
return status; //no more sessions available
|
|
||||||
|
|
||||||
//Allocate memory for the session id tracker
|
|
||||||
g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
|
|
||||||
if(!g_session_id_tracker[*session_id])
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
|
|
||||||
g_session_id_tracker[*session_id]->session_id = *session_id;
|
|
||||||
session_info.status = IN_PROGRESS;
|
|
||||||
|
|
||||||
//Generate Message1 that will be returned to Source Enclave
|
|
||||||
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(g_session_id_tracker[*session_id]);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
//Store the session information under the correspoding source enlave id key
|
|
||||||
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
|
|
||||||
ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg2_t *dh_msg2,
|
|
||||||
sgx_dh_msg3_t *dh_msg3,
|
|
||||||
uint32_t session_id)
|
|
||||||
{
|
|
||||||
|
|
||||||
sgx_key_128bit_t dh_aek; // Session key
|
|
||||||
dh_session_t *session_info;
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t initiator_identity;
|
|
||||||
|
|
||||||
if(!dh_msg2 || !dh_msg3)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
do
|
|
||||||
{
|
|
||||||
//Retreive the session information for the corresponding source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != IN_PROGRESS)
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
|
|
||||||
dh_msg3->msg3_body.additional_prop_length = 0;
|
|
||||||
//Process message 2 from source enclave and obtain message 3
|
|
||||||
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
|
|
||||||
dh_msg3,
|
|
||||||
&sgx_dh_session,
|
|
||||||
&dh_aek,
|
|
||||||
&initiator_identity);
|
|
||||||
if(SGX_SUCCESS != se_ret)
|
|
||||||
{
|
|
||||||
status = se_ret;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify source enclave's trust
|
|
||||||
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//save the session ID, status and initialize the session nonce
|
|
||||||
session_info->session_id = session_id;
|
|
||||||
session_info->status = ACTIVE;
|
|
||||||
session_info->active.counter = 0;
|
|
||||||
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
g_session_count++;
|
|
||||||
}while(0);
|
|
||||||
|
|
||||||
if(status != SUCCESS)
|
|
||||||
{
|
|
||||||
end_session(src_enclave_id);
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Request for the response size, send the request message to the destination enclave and receive the response message back
|
|
||||||
ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info,
|
|
||||||
char *inp_buff,
|
|
||||||
size_t inp_buff_len,
|
|
||||||
size_t max_out_buff_size,
|
|
||||||
char **out_buff,
|
|
||||||
size_t* out_buff_len)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
sgx_status_t status;
|
|
||||||
uint32_t retstatus;
|
|
||||||
secure_message_t* req_message;
|
|
||||||
secure_message_t* resp_message;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t max_resp_message_length;
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!session_info || !inp_buff)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
|
|
||||||
if(session_info->active.counter == ((uint32_t) - 2))
|
|
||||||
{
|
|
||||||
close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
create_session(src_enclave_id, dest_enclave_id, session_info);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the AES-GCM request message
|
|
||||||
req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
if(!req_message)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
|
|
||||||
//Set the payload size to data to encrypt length
|
|
||||||
req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Use the session nonce as the payload IV
|
|
||||||
memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Set the session ID of the message to the current session id
|
|
||||||
req_message->session_id = session_info->session_id;
|
|
||||||
|
|
||||||
//Prepare the request message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(req_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the response payload to be copied
|
|
||||||
*out_buff = (char*)malloc(max_out_buff_size);
|
|
||||||
if(!*out_buff)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(*out_buff, 0, max_out_buff_size);
|
|
||||||
|
|
||||||
//Allocate memory for the response message
|
|
||||||
resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
if(!resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
|
|
||||||
//Ocall to send the request to the Destination Enclave and get the response message back
|
|
||||||
status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
|
|
||||||
(sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
|
|
||||||
resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
|
|
||||||
|
|
||||||
if(sizeof(resp_message) > max_resp_message_length)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to process the response message from the Destination Enclave
|
|
||||||
|
|
||||||
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the response message payload
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&resp_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
|
|
||||||
if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Update the value of the session nonce in the source enclave
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
|
|
||||||
memcpy(*out_buff, decrypted_data, decrypted_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Process the request from the Source enclave and send the response message back to the Source enclave
|
|
||||||
ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
secure_message_t* req_message,
|
|
||||||
size_t req_message_size,
|
|
||||||
size_t max_payload_size,
|
|
||||||
secure_message_t* resp_message,
|
|
||||||
size_t resp_message_size)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
ms_in_msg_exchange_t * ms;
|
|
||||||
size_t resp_data_length;
|
|
||||||
size_t resp_message_calc_size;
|
|
||||||
char* resp_data;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t header_size, expected_payload_size;
|
|
||||||
dh_session_t *session_info;
|
|
||||||
secure_message_t* temp_resp_message;
|
|
||||||
uint32_t ret;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!req_message || !resp_message)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != ACTIVE)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Set the decrypted data length to the payload size obtained from the message
|
|
||||||
decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
|
|
||||||
|
|
||||||
header_size = sizeof(secure_message_t);
|
|
||||||
expected_payload_size = req_message_size - header_size;
|
|
||||||
|
|
||||||
//Verify the size of the payload
|
|
||||||
if(expected_payload_size != decrypted_data_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the request message payload from source enclave
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&req_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the request is equal to the session nonce
|
|
||||||
if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(ms->msg_type == MESSAGE_EXCHANGE)
|
|
||||||
{
|
|
||||||
//Call the generic secret response generator for message exchange
|
|
||||||
ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
|
|
||||||
{
|
|
||||||
//Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
|
|
||||||
ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_REQUEST_TYPE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if(resp_data_length > max_payload_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
|
|
||||||
|
|
||||||
if(resp_message_calc_size > resp_message_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to build the response back to the Source Enclave
|
|
||||||
temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
|
|
||||||
if(!temp_resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
|
|
||||||
temp_resp_message->session_id = session_info->session_id;
|
|
||||||
temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Increment the Session Nonce (Replay Protection)
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
//Set the response nonce as the session nonce
|
|
||||||
memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Prepare the response message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(temp_resp_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Close a current session
|
|
||||||
ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
uint32_t retstatus;
|
|
||||||
|
|
||||||
//Ocall to ask the destination enclave to end the session
|
|
||||||
status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Respond to the request from the Source Enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
int i;
|
|
||||||
dh_session_t session_info;
|
|
||||||
uint32_t session_id;
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
session_id = session_info.session_id;
|
|
||||||
//Erase the session information for the current session
|
|
||||||
g_dest_session_info_map.erase(src_enclave_id);
|
|
||||||
|
|
||||||
//Update the session id tracker
|
|
||||||
if (g_session_count > 0)
|
|
||||||
{
|
|
||||||
//check if session exists
|
|
||||||
for (i=1; i <= MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
|
|
||||||
{
|
|
||||||
memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
|
|
||||||
SAFE_FREE(g_session_id_tracker[i-1]);
|
|
||||||
g_session_count--;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Returns a new sessionID for the source destination session
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//if the session structure is untintialized, set that as the next session ID
|
|
||||||
for (int i = 0; i < MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if (g_session_id_tracker[i] == NULL)
|
|
||||||
{
|
|
||||||
*session_id = i;
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
status = NO_AVAILABLE_SESSION_ERROR;
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
|
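Review bot: in send_request_receive_response the response length check `if(sizeof(resp_message) > max_resp_message_length)` compares the size of a pointer, so it can never reject anything, and `payload_size` taken from the response returned by send_request_ocall is then used unchecked for the malloc, the GCM decrypt length and the final `memcpy(*out_buff, decrypted_data, decrypted_data_length)` into a buffer of only max_out_buff_size bytes. Check `resp_message->message_aes_gcm_data.payload_size <= max_out_buff_size` before using it. In generate_response, `((2^32)-2)` uses `^`, which is XOR in C++, so the bound is 32 rather than 2^32-2, and the nonce comparisons in both functions dereference `reserved` directly and so read only its first element; copy sizeof(counter) bytes out of `reserved` with memcpy and compare that value. The failure path after verify_peer_enclave_trust in exchange_report returns directly, skipping the end_session cleanup and leaving dh_aek uncleared, and `*out_buff` is not freed on any of the later error returns in send_request_receive_response.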
@ -1,54 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
|
|
||||||
#ifndef LOCALATTESTATION_H_
|
|
||||||
#define LOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
|
|
||||||
uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
|
|
||||||
uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
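Review bot: the #include lines sit above `#ifndef LOCALATTESTATION_H_`, outside the include guard; move them inside the guard. The prototypes here return uint32_t while the definitions of send_request_receive_response and close_session are written with ATTESTATION_STATUS; using the typedef in the declarations as well would keep the two visibly in step.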
@ -1,50 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
include "datatypes.h"
|
|
||||||
include "../Include/dh_session_protocol.h"
|
|
||||||
trusted{
|
|
||||||
public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
|
|
||||||
public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
|
|
||||||
public uint32_t end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
untrusted{
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string([in, string] const char *str);
|
|
||||||
};
|
|
||||||
};
|
|
|
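Review bot: generate_response is declared with `[in, size = req_message_size] secure_message_t* req_message`, but nothing requires req_message_size to be at least sizeof(secure_message_t), and the implementation reads `req_message->message_aes_gcm_data.payload_size` and computes `req_message_size - header_size` before any such check. Since this is a public ECALL and the size comes from the untrusted caller, add a `req_message_size >= sizeof(secure_message_t)` check at the top of the function before the first dereference.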
@ -1,105 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#ifndef DATATYPES_H_
|
|
||||||
#define DATATYPES_H_
|
|
||||||
|
|
||||||
#define DH_KEY_SIZE 20
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
#define MAC_KEY_SIZE 16
|
|
||||||
#define PADDING_SIZE 16
|
|
||||||
|
|
||||||
#define TAG_SIZE 16
|
|
||||||
#define IV_SIZE 12
|
|
||||||
|
|
||||||
#define DERIVE_MAC_KEY 0x0
|
|
||||||
#define DERIVE_SESSION_KEY 0x1
|
|
||||||
#define DERIVE_VK1_KEY 0x3
|
|
||||||
#define DERIVE_VK2_KEY 0x4
|
|
||||||
|
|
||||||
#define CLOSED 0x0
|
|
||||||
#define IN_PROGRESS 0x1
|
|
||||||
#define ACTIVE 0x2
|
|
||||||
|
|
||||||
#define MESSAGE_EXCHANGE 0x0
|
|
||||||
#define ENCLAVE_TO_ENCLAVE_CALL 0x1
|
|
||||||
|
|
||||||
#define INVALID_ARGUMENT -2 ///< Invalid function argument
|
|
||||||
#define LOGIC_ERROR -3 ///< Functional logic error
|
|
||||||
#define FILE_NOT_FOUND -4 ///< File not found
|
|
||||||
|
|
||||||
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
|
|
||||||
|
|
||||||
#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB
|
|
||||||
|
|
||||||
typedef uint8_t dh_nonce[NONCE_SIZE];
|
|
||||||
typedef uint8_t cmac_128[MAC_SIZE];
|
|
||||||
|
|
||||||
#pragma pack(push, 1)
|
|
||||||
|
|
||||||
//Format of the AES-GCM message being exchanged between the source and the destination enclaves
|
|
||||||
typedef struct _secure_message_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Session ID identifyting the session to which the message belongs
|
|
||||||
sgx_aes_gcm_data_t message_aes_gcm_data;
|
|
||||||
}secure_message_t;
|
|
||||||
|
|
||||||
//Format of the input function parameter structure
|
|
||||||
typedef struct _ms_in_msg_exchange_t {
|
|
||||||
uint32_t msg_type; //Type of Call E2E or general message exchange
|
|
||||||
uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
|
|
||||||
uint32_t inparam_buff_len; //Length of the serialized input parameters
|
|
||||||
char inparam_buff[]; //Serialized input parameters
|
|
||||||
} ms_in_msg_exchange_t;
|
|
||||||
|
|
||||||
//Format of the return value and output function parameter structure
|
|
||||||
typedef struct _ms_out_msg_exchange_t {
|
|
||||||
uint32_t retval_len; //Length of the return value
|
|
||||||
uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
|
|
||||||
char ret_outparam_buff[]; //Serialized return value and output parameters
|
|
||||||
} ms_out_msg_exchange_t;
|
|
||||||
|
|
||||||
//Session Tracker to generate session ids
|
|
||||||
typedef struct _session_id_tracker_t
|
|
||||||
{
|
|
||||||
uint32_t session_id;
|
|
||||||
}session_id_tracker_t;
|
|
||||||
|
|
||||||
#pragma pack(pop)
|
|
||||||
|
|
||||||
#endif
|
|
|
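Review bot: SAFE_FREE expands to a bare `{...}` block, so `SAFE_FREE(p);` inside an unbraced if/else leaves a stray `;` that detaches the else; wrap the body in `do { ... } while (0)`. The negative values in `#define INVALID_ARGUMENT -2` and the two defines after it should be parenthesised so they expand safely inside expressions.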
@ -1,53 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef ERROR_CODES_H_
|
|
||||||
#define ERROR_CODES_H_
|
|
||||||
|
|
||||||
typedef uint32_t ATTESTATION_STATUS;
|
|
||||||
|
|
||||||
#define SUCCESS 0x00
|
|
||||||
#define INVALID_PARAMETER 0xE1
|
|
||||||
#define VALID_SESSION 0xE2
|
|
||||||
#define INVALID_SESSION 0xE3
|
|
||||||
#define ATTESTATION_ERROR 0xE4
|
|
||||||
#define ATTESTATION_SE_ERROR 0xE5
|
|
||||||
#define IPP_ERROR 0xE6
|
|
||||||
#define NO_AVAILABLE_SESSION_ERROR 0xE7
|
|
||||||
#define MALLOC_ERROR 0xE8
|
|
||||||
#define ERROR_TAG_MISMATCH 0xE9
|
|
||||||
#define OUT_BUFFER_LENGTH_ERROR 0xEA
|
|
||||||
#define INVALID_REQUEST_TYPE_ERROR 0xEB
|
|
||||||
#define INVALID_PARAMETER_ERROR 0xEC
|
|
||||||
#define ENCLAVE_TRUST_ERROR 0xED
|
|
||||||
#define ENCRYPT_DECRYPT_ERROR 0xEE
|
|
||||||
#define DUPLICATE_SESSION 0xEF
|
|
||||||
#endif
|
|
|
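Review bot: `typedef uint32_t ATTESTATION_STATUS;` sits directly after the include guard with no `#include <stdint.h>` in the visible part of the header, so it compiles only when the including file has already pulled in the fixed-width types; include it here. Separately, `INVALID_PARAMETER` (0xE1) and `INVALID_PARAMETER_ERROR` (0xEC) are two codes for what reads as the same condition, and `VALID_SESSION` (0xE2) is a non-error value inside the 0xE1..0xEF range, so a caller that tests `status != SUCCESS` treats it as a failure. A one-line comment on each of these three would prevent misuse.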
@ -1,346 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
#
|
|
||||||
# Redistribution and use in source and binary forms, with or without
|
|
||||||
# modification, are permitted provided that the following conditions
|
|
||||||
# are met:
|
|
||||||
#
|
|
||||||
# * Redistributions of source code must retain the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer.
|
|
||||||
# * Redistributions in binary form must reproduce the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer in
|
|
||||||
# the documentation and/or other materials provided with the
|
|
||||||
# distribution.
|
|
||||||
# * Neither the name of Intel Corporation nor the names of its
|
|
||||||
# contributors may be used to endorse or promote products derived
|
|
||||||
# from this software without specific prior written permission.
|
|
||||||
#
|
|
||||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
######## SGX SDK Settings ########
|
|
||||||
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= HW
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
SGX_DEBUG ?= 1
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## Library Settings ########
|
|
||||||
|
|
||||||
Trust_Lib_Name := libLocalAttestation_Trusted.a
|
|
||||||
TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
|
|
||||||
TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
|
|
||||||
TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths)
|
|
||||||
TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++
|
|
||||||
|
|
||||||
UnTrustLib_Name := libLocalAttestation_unTrusted.a
|
|
||||||
UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
|
|
||||||
UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Files := $(wildcard App/*.cpp)
|
|
||||||
App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
|
|
||||||
App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
App_Name := app
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
|
|
||||||
Enclave1_Version_Script := Enclave1/Enclave1.lds
|
|
||||||
Enclave2_Version_Script := Enclave2/Enclave2.lds
|
|
||||||
Enclave3_Version_Script := Enclave3/Enclave3.lds
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp)
|
|
||||||
Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp)
|
|
||||||
Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp)
|
|
||||||
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
|
|
||||||
|
|
||||||
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
|
|
||||||
ifeq ($(CC_BELOW_4_9), 1)
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
|
|
||||||
else
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
|
|
||||||
endif
|
|
||||||
|
|
||||||
Enclave_Compile_Flags += $(Enclave_Include_Paths)
|
|
||||||
|
|
||||||
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
|
|
||||||
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
|
|
||||||
# so that the whole content of trts is included in the enclave.
|
|
||||||
# 2. For other libraries, you just need to pull the required symbols.
|
|
||||||
# Use `--start-group' and `--end-group' to link these libraries.
|
|
||||||
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
|
|
||||||
# Otherwise, you may get some undesirable errors.
|
|
||||||
Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
|
|
||||||
Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script)
|
|
||||||
Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script)
|
|
||||||
Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script)
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name_1 := libenclave1.so
|
|
||||||
Enclave_Name_2 := libenclave2.so
|
|
||||||
Enclave_Name_3 := libenclave3.so
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = HW_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
else
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = SIM_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = SIM_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = SIM_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclaves use the following commands:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
|
|
||||||
@echo "You can also sign the enclaves using an external signing tool."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
|
|
||||||
ifeq ($(Build_Mode), HW_DEBUG)
|
|
||||||
@echo "The project has been built in debug hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_DEBUG)
|
|
||||||
@echo "The project has been built in debug simulation mode."
|
|
||||||
else ifeq ($(Build_Mode), HW_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release simulation mode."
|
|
||||||
else
|
|
||||||
@echo "The project has been built in release simulation mode."
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
.config_$(Build_Mode)_$(SGX_ARCH):
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
||||||
@touch .config_$(Build_Mode)_$(SGX_ARCH)
|
|
||||||
|
|
||||||
######## Library Objects ########
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
|
|
||||||
@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
|
|
||||||
@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
|
|
||||||
@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
|
|
||||||
@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave1_u.o: Enclave1/Enclave1_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave2_u.o: Enclave2/Enclave2_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave3_u.o: Enclave3/Enclave3_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h
|
|
||||||
@$(CXX) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_1): Enclave1.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/%.o: Enclave2/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_2): Enclave2.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/%.o: Enclave3/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_3): Enclave3.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
######## Clean ########
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
|
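Review bot: the three signing rules near the end of this Makefile (`-key Enclave1/Enclave1_private.pem` and the Enclave2/Enclave3 equivalents) sign with private keys read from the source tree, and `SGX_DEBUG ?= 1` makes a plain `make` a debug build. If those .pem files are tracked in this repository, deleting the Makefile does not retire them: they stay in history and should be treated as test-only keys, never reused for a release signature. Also, the `Enclave2/%.o` and `Enclave3/%.o` pattern rules lack the generated `_t.h` prerequisite that `Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h` has, and the `Enclave2_t.c`/`Enclave3_t.c` rules do not list the header as a target, so a parallel build can compile enclave sources before edger8r has produced it; if this Makefile survives elsewhere, add the prerequisite there.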
@ -1,29 +0,0 @@
|
||||||
---------------------------
|
|
||||||
Purpose of LocalAttestation
|
|
||||||
---------------------------
|
|
||||||
The project demonstrates:
|
|
||||||
- How to establish a protected channel
|
|
||||||
- Secret message exchange using enclave to enclave function calls
|
|
||||||
|
|
||||||
------------------------------------
|
|
||||||
How to Build/Execute the Sample Code
|
|
||||||
------------------------------------
|
|
||||||
1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS
|
|
||||||
2. Make sure your environment is set:
|
|
||||||
$ source ${sgx-sdk-install-path}/environment
|
|
||||||
3. Build the project with the prepared Makefile:
|
|
||||||
a. Hardware Mode, Debug build:
|
|
||||||
$ make
|
|
||||||
b. Hardware Mode, Pre-release build:
|
|
||||||
$ make SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
c. Hardware Mode, Release build:
|
|
||||||
$ make SGX_DEBUG=0
|
|
||||||
d. Simulation Mode, Debug build:
|
|
||||||
$ make SGX_MODE=SIM
|
|
||||||
e. Simulation Mode, Pre-release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
f. Simulation Mode, Release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_DEBUG=0
|
|
||||||
4. Execute the binary directly:
|
|
||||||
$ ./app
|
|
||||||
5. Remember to "make clean" before switching build mode
|
|
|
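Review bot: step 3c (`make SGX_DEBUG=0`, hardware release build) followed directly by step 4 (`./app`) skips signing. The Makefile's HW_RELEASE branch builds only the unsigned Enclave1.so, Enclave2.so and Enclave3.so and prints the `sgx_sign` commands to run by hand, so the README should say that a release build has to be signed with the user's own keys before the app is run.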
@ -1,194 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "UntrustedEnclaveMessageExchange.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
|
|
||||||
//Makes an sgx_ecall to the destination enclave to get session id and message1
|
|
||||||
ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
// wait for Enclave2 to fill msg1
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave2 to generate SessionID and message1...\n");
|
|
||||||
sleep(5);
|
|
||||||
|
|
||||||
printf("[OCALL IPC] SessionID and message1 should be ready\n");
|
|
||||||
|
|
||||||
// for session id
|
|
||||||
printf("[OCALL IPC] Retriving SessionID from shared memory\n");
|
|
||||||
key_t key_session_id = ftok("../..", 3);
|
|
||||||
int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT);
|
|
||||||
uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0);
|
|
||||||
memcpy(session_id, tmp_session_id, sizeof(uint32_t));
|
|
||||||
shmdt(tmp_session_id);
|
|
||||||
|
|
||||||
// for msg1
|
|
||||||
printf("[OCALL IPC] Retriving message1 from shared memory\n");
|
|
||||||
key_t key_msg1 = ftok("../..", 2);
|
|
||||||
int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg1_t *tmp_msg1 = (sgx_dh_msg1_t*)shmat(shmid_msg1, (void*)0, 0);
|
|
||||||
memcpy(dh_msg1, tmp_msg1, sizeof(sgx_dh_msg1_t));
|
|
||||||
shmdt(tmp_msg1);
|
|
||||||
|
|
||||||
ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return SUCCESS;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave
|
|
||||||
ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
// for msg2 (filled by Enclave1)
|
|
||||||
printf("[OCALL IPC] Passing message2 to shared memory for Enclave2\n");
|
|
||||||
key_t key_msg2 = ftok("../..", 4);
|
|
||||||
int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg2_t *tmp_msg2 = (sgx_dh_msg2_t*)shmat(shmid_msg2, (void*)0, 0);
|
|
||||||
memcpy(tmp_msg2, dh_msg2, sizeof(sgx_dh_msg2_t));
|
|
||||||
shmdt(tmp_msg2);
|
|
||||||
|
|
||||||
// wait for Enclave2 to process msg2
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave2 to process message2 and generate message3...\n");
|
|
||||||
sleep(5);
|
|
||||||
|
|
||||||
// retrieve msg3 (filled by Enclave2)
|
|
||||||
printf("[OCALL IPC] Message3 should be ready\n");
|
|
||||||
printf("[OCALL IPC] Retrieving message3 from shared memory\n");
|
|
||||||
key_t key_msg3 = ftok("../..", 5);
|
|
||||||
int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg3_t *tmp_msg3 = (sgx_dh_msg3_t*)shmat(shmid_msg3, (void*)0, 0);
|
|
||||||
memcpy(dh_msg3, tmp_msg3, sizeof(sgx_dh_msg3_t));
|
|
||||||
shmdt(tmp_msg3);
|
|
||||||
|
|
||||||
ret = SGX_SUCCESS;
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return SUCCESS;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave function that generates the actual response
|
|
||||||
ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
void ocall_print_string(const char *str)
|
|
||||||
{
|
|
||||||
printf("%s", str);
|
|
||||||
}
|
|
|
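Review bot: in `session_request_ocall` and `exchange_report_ocall` none of the `ftok`, `shmget` or `shmat` results are checked before the `memcpy`, and `shmat` returns `(void*)-1` on failure, so a missing path or a refused segment becomes a crash instead of an error status. Both functions also assign `ret = SGX_SUCCESS` immediately before testing it, which makes the `INVALID_SESSION` branch unreachable; check each call and return an error code when one fails. The segments are opened with `0666|IPC_CREAT`, so any local user can read or overwrite the Diffie-Hellman messages, and a reader that runs first gets a freshly created, zero-filled segment; use owner-only permissions, drop `IPC_CREAT` on the reading side, and replace the fixed `sleep(5)` with real synchronization, because a peer that needs longer than five seconds leaves stale or empty data to be copied. In `send_request_ocall` and `end_session_ocall` the `switch(temp_enclave_no)` has no `default`, so an unmapped number falls through and returns `status` 0, which is `SUCCESS`.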
@ -1,74 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <cstddef>
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef ULOCALATTESTATION_H_
|
|
||||||
#define ULOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string(const char *str);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
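Review bot: the `#include` lines sit above `#ifndef ULOCALATTESTATION_H_`, so the include guard does not cover them, and `<cstddef>` is a C++ header in a file that otherwise uses `#ifdef __cplusplus` / `extern "C"` to stay usable from C. Wherever these prototypes are kept, move the includes inside the guard, take `size_t` and `uint32_t` from `<stddef.h>` and `<stdint.h>`, and give the final `#endif` a comment naming the guard, since two bare `#endif` lines close the file.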
@ -1,216 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.settings">
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug" parent="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.935873960" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.2132595457" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1678491512" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.229166714" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.81269967" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1694375039" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.742388855" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation" parent="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Release.428839196" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Release.709775329" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1866379479" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1000705250" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.301453474" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1312096753" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.596141238" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug" parent="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Debug.562917509" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Debug.2046051538" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.999277922" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.577701014" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.1898704176" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1026657138" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.393162412" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease" parent="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.2074448686" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.2016152654" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Prerelease">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1520324017" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.293910513" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.845441552" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.199398937" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.1555926498" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Release">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release" parent="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Release.1347223665" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Release.1050674831" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.987781695" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.484951388" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.945246695" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.119487102" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.593431891" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<project id="LocalAttestation.cdt.managedbuild.target.gnu.exe.872917958" name="Executable" projectType="cdt.managedbuild.target.gnu.exe"/>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
|
|
||||||
<storageModule moduleId="refreshScope" versionNumber="2">
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Release">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="scannerConfiguration">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1347223665;com.intel.sgx.compiler.945246695;com.intel.sgx.inputType.593431891">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.935873960;com.intel.sgx.compiler.81269967;com.intel.sgx.inputType.742388855">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.428839196;com.intel.sgx.compiler.301453474;com.intel.sgx.inputType.596141238">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1609650460;cdt.managedbuild.config.gnu.exe.debug.1609650460.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1644119147;cdt.managedbuild.tool.gnu.c.compiler.input.938348551">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1394873887;cdt.managedbuild.config.gnu.exe.release.1394873887.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2035356548;cdt.managedbuild.tool.gnu.c.compiler.input.793813290">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.562917509;com.intel.sgx.compiler.1898704176;com.intel.sgx.inputType.393162412">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.2074448686;com.intel.sgx.compiler.845441552;com.intel.sgx.inputType.1555926498">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
|
|
||||||
</cproject>
|
|
|
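Review bot: the `builder` elements in these removed lines are the only place in the hunk where the five build variants are spelled out as make arguments (`SGX_DEBUG=1 SGX_MODE=SIM`, `SGX_DEBUG=0 SGX_MODE=SIM`, `SGX_DEBUG=1 SGX_MODE=HW`, `SGX_PRERELEASE=1 SGX_MODE=HW`, `SGX_DEBUG=0 SGX_MODE=HW`). Removing generated IDE metadata is fine, but the commit should point to where these invocations are documented now, for example a short build section next to the Makefile, so that the difference between a simulation or debug build and a hardware release build stays visible to whoever builds the enclaves.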
@ -1,28 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<projectDescription>
|
|
||||||
<name>LocalAttestation</name>
|
|
||||||
<comment></comment>
|
|
||||||
<projects>
|
|
||||||
</projects>
|
|
||||||
<buildSpec>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
|
|
||||||
<triggers>clean,full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
|
|
||||||
<triggers>full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
</buildSpec>
|
|
||||||
<natures>
|
|
||||||
<nature>org.eclipse.cdt.core.cnature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.core.ccnature</nature>
|
|
||||||
<nature>com.intel.sgx.sgxnature</nature>
|
|
||||||
</natures>
|
|
||||||
</projectDescription>
|
|
|
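Review bot: this `<projectDescription>` file is Eclipse-generated (the `genmakebuilder` and `ScannerConfigBuilder` build commands and the `com.intel.sgx.sgxnature` nature are written by the IDE plug-ins), and deleting it without an ignore rule means the next import of the project will re-create it and it can be committed again. Add the usual Eclipse entries (`.project`, `.cproject`, `.settings/`) to `.gitignore` in the same change.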
@ -1,73 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<project>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
</project>
|
|
|
@ -1,151 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// App.cpp : Defines the entry point for the console application.
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <map>
|
|
||||||
#include "../Enclave1/Enclave1_u.h"
|
|
||||||
#include "../Enclave2/Enclave2_u.h"
|
|
||||||
#include "../Enclave3/Enclave3_u.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#define __STDC_FORMAT_MACROS
|
|
||||||
#include <inttypes.h>
|
|
||||||
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
#define TCHAR char
|
|
||||||
#define _TCHAR char
|
|
||||||
#define _T(str) str
|
|
||||||
#define scanf_s scanf
|
|
||||||
#define _tmain main
|
|
||||||
|
|
||||||
extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
|
|
||||||
|
|
||||||
sgx_enclave_id_t e1_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e2_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e3_enclave_id = 0;
|
|
||||||
|
|
||||||
#define ENCLAVE1_PATH "libenclave1.so"
|
|
||||||
#define ENCLAVE2_PATH "libenclave2.so"
|
|
||||||
#define ENCLAVE3_PATH "libenclave3.so"
|
|
||||||
|
|
||||||
void waitForKeyPress()
|
|
||||||
{
|
|
||||||
char ch;
|
|
||||||
int temp;
|
|
||||||
printf("\n\nHit a key....\n");
|
|
||||||
temp = scanf_s("%c", &ch);
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t load_enclaves()
|
|
||||||
{
|
|
||||||
uint32_t enclave_temp_no;
|
|
||||||
int ret, launch_token_updated;
|
|
||||||
sgx_launch_token_t launch_token;
|
|
||||||
|
|
||||||
enclave_temp_no = 0;
|
|
||||||
|
|
||||||
ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
|
|
||||||
if (ret != SGX_SUCCESS) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
enclave_temp_no++;
|
|
||||||
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));
|
|
||||||
|
|
||||||
return SGX_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
int _tmain(int argc, _TCHAR* argv[])
|
|
||||||
{
|
|
||||||
uint32_t ret_status;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
UNUSED(argc);
|
|
||||||
UNUSED(argv);
|
|
||||||
|
|
||||||
if(load_enclaves() != SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("\nLoad Enclave Failure");
|
|
||||||
}
|
|
||||||
|
|
||||||
//printf("\nAvailable Enclaves");
|
|
||||||
//printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id);
|
|
||||||
|
|
||||||
// shared memory between Enlave1 and Enclave2 to pass data
|
|
||||||
key_t key = ftok("../..", 1);
|
|
||||||
int shmid = shmget(key, 1024, 0666 | IPC_CREAT);
|
|
||||||
char *str = (char*)shmat(shmid, (void*)0, 0);
|
|
||||||
|
|
||||||
printf("[TEST IPC] Receiving from Enclave1: %s", str);
|
|
||||||
|
|
||||||
shmdt(str);
|
|
||||||
shmctl(shmid, IPC_RMID, NULL);
|
|
||||||
|
|
||||||
do
|
|
||||||
{
|
|
||||||
printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n");
|
|
||||||
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0);
|
|
||||||
if (status!=SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("[END] test_create_session Ecall failed: Error code is %x\n", status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if(ret_status==0)
|
|
||||||
{
|
|
||||||
printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n");
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#pragma warning (push)
|
|
||||||
#pragma warning (disable : 4127)
|
|
||||||
}while(0);
|
|
||||||
#pragma warning (pop)
|
|
||||||
|
|
||||||
sgx_destroy_enclave(e1_enclave_id);
|
|
||||||
|
|
||||||
waitForKeyPress();
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
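Review bot: the shared-memory block near the end of this hunk calls `ftok`, `shmget(key, 1024, 0666 | IPC_CREAT)` and `shmat` without checking any return value, then passes `str` straight to `printf` with `%s`. `shmat` returns `(void*)-1` on failure and nothing guarantees a NUL inside the 1024-byte segment, so both cases read out of bounds; mode 0666 also lets any local user write the bytes that get printed. Check each return, use mode 0600, and bound the print (for example `%.1023s`). Separately, `main` only prints "Load Enclave Failure" when `load_enclaves()` fails and then still issues the ECALL on `e1_enclave_id`; it should return at that point.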
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
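Review bot: `<DisableDebug>0</DisableDebug>` in this removed configuration left the enclave debuggable, against the recommendation in the comment directly above it, and the host code on this page loads with `SGX_DEBUG_FLAG`. The hunk deletes the file (`-1,12 +0,0`), so whichever configuration replaces it should set `DisableDebug` to 1 for release builds, and the change description should say where the enclave configuration now lives.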
@ -1,367 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave1.cpp : Defines the exported functions for the .so application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave1_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e1_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
|
|
||||||
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t var1,var2;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
var1 = 0x4;
|
|
||||||
var2 = 0x5;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id of Enclave2 passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave 2
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatcher function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
(p_struct_var->var1)++;
|
|
||||||
(p_struct_var->var2)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar1)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar2)++;
|
|
||||||
|
|
||||||
return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
size_t len_data, len_ptr_data;
|
|
||||||
external_param_struct_t *p_struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
p_struct_var->p_internal_struct = &internal_struct_var;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e1_foo1(p_struct_var);
|
|
||||||
|
|
||||||
len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
|
|
||||||
len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
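Review bot: `verify_peer_enclave_trust` accepts any peer whose `isv_prod_id` is 0 and whose attributes carry `SGX_FLAGS_INITTED`; the `xfrm` and `mr_signer` comparisons are commented out behind a TODO, so the local attestation in this file authenticates no particular signer. The hunk deletes the file (`-1,367 +0,0`), so the code that replaces it should compare `mr_signer` against the expected value and reject debug peers in release builds. Two smaller points to carry over: `test_close_session` returns `NULL` from a `uint32_t` function on the not-found path, which callers read as 0, and `test_create_session` never stores `dest_session_info` in `g_src_session_info_map`, so unless `create_session` fills the map itself the later lookups end in `INVALID_SESSION`. `enclave_to_enclave_call_dispatcher` also reads `ms->target_fn_id` without first checking that `decrypted_data_length` covers `sizeof(ms_in_msg_exchange_t)`.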
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave1.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0
|
|
||||||
c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf
|
|
||||||
RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx
|
|
||||||
YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ
|
|
||||||
oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni
|
|
||||||
U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP
|
|
||||||
RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/
|
|
||||||
Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ
|
|
||||||
5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa
|
|
||||||
brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy
|
|
||||||
d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB
|
|
||||||
3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR
|
|
||||||
YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN
|
|
||||||
Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy
|
|
||||||
/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex
|
|
||||||
4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme
|
|
||||||
KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/
|
|
||||||
gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI
|
|
||||||
4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i
|
|
||||||
tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb
|
|
||||||
9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux
|
|
||||||
EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe
|
|
||||||
bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3
|
|
||||||
OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde
|
|
||||||
rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg
|
|
||||||
OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ
|
|
||||||
cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw
|
|
||||||
gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx
|
|
||||||
E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW
|
|
||||||
h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi
|
|
||||||
qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg
|
|
||||||
1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P
|
|
||||||
cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2
|
|
||||||
Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp
|
|
||||||
teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx
|
|
||||||
SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa
|
|
||||||
mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
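Review bot: this hunk removes a file that holds a complete RSA private key, but deleting it at the tip leaves the key readable in every earlier commit of the 71 being compared. Treat the key as disclosed: if it signed any enclave, generate a new signing key outside the repository, re-sign, and stop trusting anything that pins the old signer. Add the key file's pattern to `.gitignore` in the same change so a regenerated key is not committed again.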
@ -1,222 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
|
|
||||||
param_len = sizeof(var1)+sizeof(var2);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff,&var1,sizeof(var1));
|
|
||||||
memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2));
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len, ret_param_len;;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
size_t retval_len;
|
|
||||||
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ret_param_len = param_len + retval_len;
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), struct_data, len_data);
|
|
||||||
memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data);
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
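Review bot: in umarshal_message_exchange_response, retval_len is read straight from ms->retval_len in the received buffer and then drives both malloc(retval_len) and memcpy(*secret_response, ms->ret_outparam_buff, retval_len), with no check against ms->ret_outparam_buff_len or against the size of out_buff, which the function never receives. A length chosen by the peer can make the memcpy read past the end of the response buffer. Pass the received length in, reject a retval_len larger than ret_outparam_buff_len (umarshal_message_exchange_request already does the equivalent with its len != sizeof(uint32_t) check), and null-check secret_response before writing through it. marshal_message_exchange_response has the same gap on the output side: it checks only resp_length before storing to *resp_buffer.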
@ -1,65 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E1_H__
|
|
||||||
#define UTILITY_E1_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
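Review bot: this header is not self-contained. The prototypes use size_t and ms_in_msg_exchange_t, but the only include is "stdint.h", so it compiles only when the including file happens to pull in the right headers first. Include <stddef.h> and the header that defines ms_in_msg_exchange_t here. The unmarshalling prototypes also take no buffer length (unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval) and umarshal_message_exchange_response(char* out_buff, char** secret_response)), which leaves the implementations unable to bounds-check the lengths embedded in the message. The umarshal_ and unmarshal_ prefixes are also inconsistent and should be unified.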
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
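Review bot: <DisableDebug>0</DisableDebug> leaves the enclave debuggable, and a debugger attached to a debug enclave can read its memory, so any secret handled by this enclave has no confidentiality in that configuration. The comment directly above already recommends 1 for release. Keep a separate release configuration with DisableDebug set to 1 rather than relying on someone editing this file before shipping.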
@ -1,339 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave2.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave2_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e2_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
param_struct_t *p_struct_var, struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave3
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
|
|
||||||
{
|
|
||||||
return(var1 + var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t var1,var2,ret;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
ret = e2_foo1(var1, var2);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
|
|
||||||
return MALLOC_ERROR; //can set resp buffer to null here
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
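Review bot: verify_peer_enclave_trust accepts any peer whose isv_prod_id is 0 and whose attributes carry SGX_FLAGS_INITTED. The mr_signer and xfrm comparisons are commented out behind a TODO, so the attested session is established with any initialized enclave that uses product ID 0, regardless of who signed it. Compare peer_enclave_identity->mr_signer (or mr_enclave) against the expected value and reject peers with the debug attribute set before returning SUCCESS. Separately, test_close_session returns NULL from a function declared uint32_t when the session lookup fails, which the caller cannot tell apart from a status code of 0; return INVALID_SESSION as the other test_ functions do. The local copy dest_session_info in that function is assigned but never used.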
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
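Review bot: both import lines use import *, from "../LocalAttestationCode/LocalAttestationCode.edl" and from "sgx_tstdc.edl", which pulls every function those EDL files declare into this enclave's interface. Import only the functions the enclave actually uses, by name, so the trusted/untrusted boundary stays small and auditable. The four public ECALLs also take src_enclave_id and dest_enclave_id from the untrusted caller; a comment stating that these are untrusted inputs used only as session lookup keys would help the next reader.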
@ -1,10 +0,0 @@
|
||||||
Enclave2.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
|
|
||||||
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
|
|
||||||
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
|
|
||||||
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
|
|
||||||
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
|
|
||||||
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
|
|
||||||
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
|
|
||||||
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
|
|
||||||
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
|
|
||||||
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
|
|
||||||
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
|
|
||||||
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
|
|
||||||
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
|
|
||||||
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
|
|
||||||
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
|
|
||||||
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
|
|
||||||
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
|
|
||||||
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
|
|
||||||
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
|
|
||||||
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
|
|
||||||
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
|
|
||||||
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
|
|
||||||
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
|
|
||||||
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
|
|
||||||
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
|
|
||||||
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
|
|
||||||
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
|
|
||||||
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
|
|
||||||
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
|
|
||||||
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
|
|
||||||
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
|
|
||||||
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
|
|
||||||
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
|
|
||||||
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
|
|
||||||
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
|
|
||||||
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
|
|
||||||
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
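Review bot: the file removed here is a PEM RSA private key (-----BEGIN RSA PRIVATE KEY-----) that was committed in the clear. The header @ -1,39 +0,0 @@ only deletes it from the working tree, so the key stays retrievable from earlier commits. Treat it as disclosed: do not sign anything that matters with it, generate a fresh signing key that is kept outside the repository, and add the key file pattern to .gitignore so it cannot be committed again.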
@ -1,213 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
param_len = sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!var1 || !var2 || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(*var1) + sizeof(*var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(var1, buff, sizeof(*var1));
|
|
||||||
memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = retval_len; //no out parameters
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
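Review bot: umarshal_message_exchange_response sizes both the malloc and the memcpy from `ms->retval_len`, a field read straight out of out_buff, and never compares it with `ms->ret_outparam_buff_len` or with the number of bytes actually received, because the function takes no length for out_buff. If retval_len is larger than the payload, the memcpy reads past the end of the response buffer. Pass the received length in, reject `retval_len > ret_outparam_buff_len`, and check secret_response for NULL before assigning through it. The marshal side has a matching gap: marshal_message_exchange_request and marshal_message_exchange_response test only the length pointer and then write through marshalled_buff and resp_buffer unchecked. umarshal_message_exchange_request already shows the pattern to follow with `if(len != sizeof(uint32_t))`.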
@ -1,59 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E2_H__
|
|
||||||
#define UTILITY_E2_H__
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
|
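Review bot: the header is not self-contained: every prototype uses size_t or ms_in_msg_exchange_t, yet the only include is "stdint.h", so it compiles only when the including file has already pulled in the headers that declare those types. Include them here so the include order in the .cpp files stops mattering. The names are also inconsistent: the message-exchange functions are spelled `umarshal_...` while the foo1 functions are spelled `unmarshal_...`; pick one spelling so a search for the unmarshalling code finds all of it.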
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
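Review bot: `<DisableDebug>0</DisableDebug>` leaves the enclave debuggable, and the comment directly above it recommends 1 for a release build. With this file going away, check that whichever configuration the enclave is signed with from now on sets DisableDebug to 1 for release. ProdID and ISVSVN are both 0 here as well, which gives a peer nothing to distinguish this enclave or its version by, so assign real values there at the same time.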
@ -1,366 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave3.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave3_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e3_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
external_param_struct_t *p_struct_var, struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
target_fn_id = 0;
|
|
||||||
internal_struct_var.ivar1 = 0x5;
|
|
||||||
internal_struct_var.ivar2 = 0x6;
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
struct_var.p_internal_struct = &internal_struct_var;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct);
|
|
||||||
size_t len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data,
|
|
||||||
len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info,
|
|
||||||
marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
////Un-marshal the return value and output parameters from foo1 of Enclave1
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the parameters into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e3_foo1(param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var->var1++;
|
|
||||||
p_struct_var->var2++;
|
|
||||||
|
|
||||||
return(p_struct_var->var1 * p_struct_var->var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
param_struct_t *p_struct_var;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e3_foo1(p_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
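Review bot: verify_peer_enclave_trust accepts any peer whose isv_prod_id is 0 and whose attributes have SGX_FLAGS_INITTED set; the xfrm and mr_signer comparisons are commented out behind a TODO, so the session is not bound to any particular signer. Put the mr_signer comparison in before this code is reused. Three smaller points in the same file: test_close_session returns NULL from a uint32_t function when the session is missing, where test_message_exchange returns INVALID_SESSION for the same case, and it copies the session into dest_session_info without ever using or clearing that copy; enclave_to_enclave_call_dispatcher casts decrypted_data to ms_in_msg_exchange_t and reads target_fn_id without first checking that decrypted_data_length covers the header; and e3_foo1_wrapper discards param_lenth with UNUSED instead of checking it against inparam_buff_len.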
@ -1,42 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
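Review bot: both `from ... import *;` lines pull every function declared in LocalAttestationCode.edl and sgx_tstdc.edl into this enclave's interface, which makes the trusted/untrusted boundary hard to review. List only the functions the enclave needs. The four ECALLs in the trusted block are all `public` and all named test_*; if they exist only as test vectors, they should not be part of an interface that ships.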
@ -1,10 +0,0 @@
|
||||||
Enclave3.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
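Review bot: an RSA private key that was committed in full (the `-----BEGIN RSA PRIVATE KEY-----` block) stays recoverable from the repository history after this deletion, so treat it as disclosed. Do not use it to sign anything other than throwaway test builds, generate the real enclave signing key outside the repository, and add the key file to .gitignore so it cannot be committed again.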
@ -1,223 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
temp_buff = (char*)malloc(len_data + len_ptr_data);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, struct_data, len_data);
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = sizeof(retval) + sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
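Review bot: the two response unmarshallers at the end of this hunk, `unmarshal_retval_and_output_parameters_e1_foo1` and `umarshal_message_exchange_response`, use `retval_len = ms->retval_len` as the size for both `malloc` and `memcpy` without comparing it to `ms->ret_outparam_buff_len` or to the length of `out_buff`, which neither function receives. A length taken from the message therefore decides how far past the received buffer the copy reads. The request-side unmarshallers already reject a mismatched `inparam_buff_len`; the response side should take the buffer length as a parameter and apply the same kind of check (for `umarshal_message_exchange_response`, `retval_len == sizeof(uint32_t)`). Separately, `unmarshal_retval_and_output_parameters_e1_foo1` writes through `retval` and `p_struct_var->p_internal_struct` without null-checking either, and the marshal functions test only the length pointer (`!marshalled_buff_len`, `!resp_length`) before writing through `marshalled_buff` and `resp_buffer`.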
@ -1,73 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E3_H__
|
|
||||||
#define UTILITY_E3_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
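Review bot: the header removed here (guard `UTILITY_E3_H__`) is not self-contained: its prototypes use `size_t` and `ms_in_msg_exchange_t`, but its only include is `#include "stdint.h"`, so it compiled only when the including file had already pulled in those definitions. With all 73 lines deleted, check that no remaining source still includes it or calls any of the eight marshalling functions it declared, and have the commit message say what replaces them, if anything.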
@ -1,68 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef _DH_SESSION_PROROCOL_H
|
|
||||||
#define _DH_SESSION_PROROCOL_H
|
|
||||||
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_key.h"
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_attributes.h"
|
|
||||||
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
|
|
||||||
#define MSG_BUF_LEN sizeof(ec_pub_t)*2
|
|
||||||
#define MSG_HASH_SZ 32
|
|
||||||
|
|
||||||
|
|
||||||
//Session information structure
|
|
||||||
typedef struct _la_dh_session_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Identifies the current session
|
|
||||||
uint32_t status; //Indicates session is in progress, active or closed
|
|
||||||
union
|
|
||||||
{
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_dh_session_t dh_session;
|
|
||||||
}in_progress;
|
|
||||||
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_key_128bit_t AEK; //Session Key
|
|
||||||
uint32_t counter; //Used to store Message Sequence Number
|
|
||||||
}active;
|
|
||||||
};
|
|
||||||
} dh_session_t;
|
|
||||||
|
|
||||||
|
|
||||||
#endif
|
|
|
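Review bot: `#define MSG_BUF_LEN sizeof(ec_pub_t)*2` is unparenthesized, so a use such as `n / MSG_BUF_LEN` or `n % MSG_BUF_LEN` expands with the wrong precedence; it should read `(sizeof(ec_pub_t) * 2)`. The guard `_DH_SESSION_PROROCOL_H` is misspelled and, starting with an underscore followed by a capital, is a reserved identifier. The header also uses `sgx_dh_session_t` in `dh_session_t` without including `sgx_dh.h` itself. The hunk deletes the file, so these matter only if the definitions are carried into another header; if they are, fix them there, and note that `active.counter` is a 32-bit message sequence number whose wrap-around the session code has to handle.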
@ -1,760 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_utils.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tcrypto.h"
|
|
||||||
#include "LocalAttestationCode_t.h"
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define MAX_SESSION_COUNT 16
|
|
||||||
|
|
||||||
//number of open sessions
|
|
||||||
uint32_t g_session_count = 0;
|
|
||||||
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
//Array of open session ids
|
|
||||||
session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
|
|
||||||
|
|
||||||
//Map between the source enclave id and the session information associated with that particular session
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
|
|
||||||
|
|
||||||
//Create a session with the destination enclave
|
|
||||||
ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info)
|
|
||||||
{
|
|
||||||
ocall_print_string("[ECALL] create_session()\n");
|
|
||||||
sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
|
|
||||||
sgx_key_128bit_t dh_aek; // Session Key
|
|
||||||
sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
|
|
||||||
sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
|
|
||||||
uint32_t session_id;
|
|
||||||
uint32_t retstatus;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t responder_identity;
|
|
||||||
// for exchange report
|
|
||||||
// ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
sgx_dh_session_enclave_identity_t initiator_identity;
|
|
||||||
|
|
||||||
if(!session_info)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
|
|
||||||
memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
|
|
||||||
memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
|
|
||||||
memset(session_info, 0, sizeof(dh_session_t));
|
|
||||||
|
|
||||||
//Intialize the session as a session responder
|
|
||||||
ocall_print_string("[ECALL] Initializing the session as session responder...\n");
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//get a new SessionID
|
|
||||||
ocall_print_string("[ECALL] Getting a new SessionID\n");
|
|
||||||
if ((status = (sgx_status_t)generate_session_id(&session_id)) != SUCCESS)
|
|
||||||
return status; //no more sessions available
|
|
||||||
|
|
||||||
//Allocate memory for the session id tracker
|
|
||||||
g_session_id_tracker[session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
|
|
||||||
if(!g_session_id_tracker[session_id])
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(g_session_id_tracker[session_id], 0, sizeof(session_id_tracker_t));
|
|
||||||
g_session_id_tracker[session_id]->session_id = session_id;
|
|
||||||
session_info->status = IN_PROGRESS;
|
|
||||||
|
|
||||||
//Generate Message1 that will be returned to Source Enclave
|
|
||||||
ocall_print_string("[ECALL] Generating message1 that will be passed to session initiator\n");
|
|
||||||
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)&dh_msg1, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(g_session_id_tracker[session_id]);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(&session_info->in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
//Store the session information under the correspoding source enlave id key
|
|
||||||
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(0, *session_info));
|
|
||||||
|
|
||||||
// pass session id and msg1 to shared memory
|
|
||||||
// ocall_print_string("Entering session_request_ocall for IPC\n");
|
|
||||||
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
// starts report exchange
|
|
||||||
|
|
||||||
//first retrieve msg2 from initiator
|
|
||||||
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, NULL, session_id);
|
|
||||||
|
|
||||||
dh_msg3.msg3_body.additional_prop_length = 0;
|
|
||||||
//Process message 2 from source enclave and obtain message 3
|
|
||||||
ocall_print_string("[ECALL] Processing message2 from Enclave1(Initiator) and obtain message3\n");
|
|
||||||
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(&dh_msg2,
|
|
||||||
&dh_msg3,
|
|
||||||
&sgx_dh_session,
|
|
||||||
&dh_aek,
|
|
||||||
&initiator_identity);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != se_ret)
|
|
||||||
{
|
|
||||||
status = se_ret;
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify source enclave's trust
|
|
||||||
ocall_print_string("[ECALL] Verifying Enclave1(Initiator)'s trust\n");
|
|
||||||
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
|
|
||||||
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Handle the request from Source Enclave for a session
|
|
||||||
ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg1_t *dh_msg1,
|
|
||||||
uint32_t *session_id )
|
|
||||||
{
|
|
||||||
ocall_print_string("Testing session_request()\n");
|
|
||||||
dh_session_t session_info;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id || !dh_msg1)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Intialize the session as a session responder
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//get a new SessionID
|
|
||||||
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
|
|
||||||
return status; //no more sessions available
|
|
||||||
|
|
||||||
//Allocate memory for the session id tracker
|
|
||||||
g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
|
|
||||||
if(!g_session_id_tracker[*session_id])
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
|
|
||||||
g_session_id_tracker[*session_id]->session_id = *session_id;
|
|
||||||
session_info.status = IN_PROGRESS;
|
|
||||||
|
|
||||||
//Generate Message1 that will be returned to Source Enclave
|
|
||||||
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(g_session_id_tracker[*session_id]);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
//Store the session information under the correspoding source enlave id key
|
|
||||||
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
|
|
||||||
ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg2_t *dh_msg2,
|
|
||||||
sgx_dh_msg3_t *dh_msg3,
|
|
||||||
uint32_t session_id)
|
|
||||||
{
|
|
||||||
|
|
||||||
sgx_key_128bit_t dh_aek; // Session key
|
|
||||||
dh_session_t *session_info;
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t initiator_identity;
|
|
||||||
|
|
||||||
if(!dh_msg2 || !dh_msg3)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
do
|
|
||||||
{
|
|
||||||
//Retreive the session information for the corresponding source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != IN_PROGRESS)
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
|
|
||||||
dh_msg3->msg3_body.additional_prop_length = 0;
|
|
||||||
//Process message 2 from source enclave and obtain message 3
|
|
||||||
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
|
|
||||||
dh_msg3,
|
|
||||||
&sgx_dh_session,
|
|
||||||
&dh_aek,
|
|
||||||
&initiator_identity);
|
|
||||||
if(SGX_SUCCESS != se_ret)
|
|
||||||
{
|
|
||||||
status = se_ret;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify source enclave's trust
|
|
||||||
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//save the session ID, status and initialize the session nonce
|
|
||||||
session_info->session_id = session_id;
|
|
||||||
session_info->status = ACTIVE;
|
|
||||||
session_info->active.counter = 0;
|
|
||||||
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
g_session_count++;
|
|
||||||
}while(0);
|
|
||||||
|
|
||||||
if(status != SUCCESS)
|
|
||||||
{
|
|
||||||
end_session(src_enclave_id);
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Request for the response size, send the request message to the destination enclave and receive the response message back
|
|
||||||
ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info,
|
|
||||||
char *inp_buff,
|
|
||||||
size_t inp_buff_len,
|
|
||||||
size_t max_out_buff_size,
|
|
||||||
char **out_buff,
|
|
||||||
size_t* out_buff_len)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
sgx_status_t status;
|
|
||||||
uint32_t retstatus;
|
|
||||||
secure_message_t* req_message;
|
|
||||||
secure_message_t* resp_message;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t max_resp_message_length;
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!session_info || !inp_buff)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
|
|
||||||
if(session_info->active.counter == ((uint32_t) - 2))
|
|
||||||
{
|
|
||||||
close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
create_session(src_enclave_id, dest_enclave_id, session_info);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the AES-GCM request message
|
|
||||||
req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
if(!req_message)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
|
|
||||||
//Set the payload size to data to encrypt length
|
|
||||||
req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Use the session nonce as the payload IV
|
|
||||||
memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Set the session ID of the message to the current session id
|
|
||||||
req_message->session_id = session_info->session_id;
|
|
||||||
|
|
||||||
//Prepare the request message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(req_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the response payload to be copied
|
|
||||||
*out_buff = (char*)malloc(max_out_buff_size);
|
|
||||||
if(!*out_buff)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(*out_buff, 0, max_out_buff_size);
|
|
||||||
|
|
||||||
//Allocate memory for the response message
|
|
||||||
resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
if(!resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
|
|
||||||
//Ocall to send the request to the Destination Enclave and get the response message back
|
|
||||||
status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
|
|
||||||
(sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
|
|
||||||
resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
|
|
||||||
|
|
||||||
if(sizeof(resp_message) > max_resp_message_length)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to process the response message from the Destination Enclave
|
|
||||||
|
|
||||||
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the response message payload
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&resp_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
|
|
||||||
if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Update the value of the session nonce in the source enclave
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
|
|
||||||
memcpy(*out_buff, decrypted_data, decrypted_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Process the request from the Source enclave and send the response message back to the Source enclave
|
|
||||||
ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
secure_message_t* req_message,
|
|
||||||
size_t req_message_size,
|
|
||||||
size_t max_payload_size,
|
|
||||||
secure_message_t* resp_message,
|
|
||||||
size_t resp_message_size)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
ms_in_msg_exchange_t * ms;
|
|
||||||
size_t resp_data_length;
|
|
||||||
size_t resp_message_calc_size;
|
|
||||||
char* resp_data;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t header_size, expected_payload_size;
|
|
||||||
dh_session_t *session_info;
|
|
||||||
secure_message_t* temp_resp_message;
|
|
||||||
uint32_t ret;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!req_message || !resp_message)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != ACTIVE)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Set the decrypted data length to the payload size obtained from the message
|
|
||||||
decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
|
|
||||||
|
|
||||||
header_size = sizeof(secure_message_t);
|
|
||||||
expected_payload_size = req_message_size - header_size;
|
|
||||||
|
|
||||||
//Verify the size of the payload
|
|
||||||
if(expected_payload_size != decrypted_data_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the request message payload from source enclave
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&req_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the request is equal to the session nonce
|
|
||||||
if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(ms->msg_type == MESSAGE_EXCHANGE)
|
|
||||||
{
|
|
||||||
//Call the generic secret response generator for message exchange
|
|
||||||
ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
|
|
||||||
{
|
|
||||||
//Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
|
|
||||||
ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_REQUEST_TYPE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if(resp_data_length > max_payload_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
|
|
||||||
|
|
||||||
if(resp_message_calc_size > resp_message_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to build the response back to the Source Enclave
|
|
||||||
temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
|
|
||||||
if(!temp_resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
|
|
||||||
temp_resp_message->session_id = session_info->session_id;
|
|
||||||
temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Increment the Session Nonce (Replay Protection)
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
//Set the response nonce as the session nonce
|
|
||||||
memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Prepare the response message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(temp_resp_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Close a current session
|
|
||||||
ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
uint32_t retstatus;
|
|
||||||
|
|
||||||
//Ocall to ask the destination enclave to end the session
|
|
||||||
status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Respond to the request from the Source Enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
int i;
|
|
||||||
dh_session_t session_info;
|
|
||||||
uint32_t session_id;
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
session_id = session_info.session_id;
|
|
||||||
//Erase the session information for the current session
|
|
||||||
g_dest_session_info_map.erase(src_enclave_id);
|
|
||||||
|
|
||||||
//Update the session id tracker
|
|
||||||
if (g_session_count > 0)
|
|
||||||
{
|
|
||||||
//check if session exists
|
|
||||||
for (i=1; i <= MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
|
|
||||||
{
|
|
||||||
memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
|
|
||||||
SAFE_FREE(g_session_id_tracker[i-1]);
|
|
||||||
g_session_count--;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Returns a new sessionID for the source destination session
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//if the session structure is untintialized, set that as the next session ID
|
|
||||||
for (int i = 0; i < MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if (g_session_id_tracker[i] == NULL)
|
|
||||||
{
|
|
||||||
*session_id = i;
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
status = NO_AVAILABLE_SESSION_ERROR;
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
|
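Review bot: in `generate_response`, the nonce check `*(req_message->message_aes_gcm_data.reserved) > ((2^32)-2)` uses `^`, which is bitwise XOR in C and C++, so the bound evaluates to 32 instead of 2 to the power 32 minus 2, and any request whose nonce value exceeds 32 is rejected; compare against `UINT32_MAX - 1` instead. That condition and the response-side check `*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1)` dereference `reserved` directly, while the encrypt path fills it with a `memcpy` of `sizeof(session_info->active.counter)` bytes. If `reserved` is a byte array, as the `reinterpret_cast<uint8_t *>` at the decrypt calls suggests, only its first byte takes part in the comparison, so copy the field into a `uint32_t` before comparing. Two smaller points in the same function: `ms->msg_type` is read right after `ms = (ms_in_msg_exchange_t *)decrypted_data` with no check that `decrypted_data_length` covers the structure header, and `resp_data` is declared uninitialised yet handed to `SAFE_FREE` when a generator returns non-zero; add a minimum-length check and initialise `resp_data` to NULL.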
@ -1,54 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
|
|
||||||
#ifndef LOCALATTESTATION_H_
|
|
||||||
#define LOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
|
|
||||||
uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
|
|
||||||
uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
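Review bot: the `#include` lines, `#include <map>` among them, sit above the `#ifndef LOCALATTESTATION_H_` guard, and the declarations are then wrapped in `extern "C"` under `#ifdef __cplusplus`; a C translation unit cannot include this header because of `<map>`, so the C-compatibility wrapper does not deliver what it advertises. The hunk removes the whole file (`+0,0`), so this matters only if the three declarations are moved elsewhere: in that case put the includes inside the guard and keep the header either C-clean or plainly C++.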
@ -1,50 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
include "datatypes.h"
|
|
||||||
include "../Include/dh_session_protocol.h"
|
|
||||||
trusted{
|
|
||||||
public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
|
|
||||||
public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
|
|
||||||
public uint32_t end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
untrusted{
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg1_t *dh_msg1,[in, out] uint32_t *session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg2_t *dh_msg2, [in, out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string([in, string] const char *str);
|
|
||||||
};
|
|
||||||
};
|
|
|
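Review bot: the `generate_response` ecall takes `req_message_size`, `max_payload_size` and `resp_message_size` straight from the untrusted host, and `[in, size = req_message_size]` puts no lower bound on the copy, so the enclave can be handed a buffer shorter than `secure_message_t`. The implementation shown earlier in this diff reads `req_message->message_aes_gcm_data.payload_size` before it computes `req_message_size - header_size`, and that subtraction wraps when the size is too small. If this interface is re-created after the removal, the ecall body should reject `req_message_size < sizeof(secure_message_t)`, and likewise for `resp_message_size`, before touching any field.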
@ -1,105 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#ifndef DATATYPES_H_
|
|
||||||
#define DATATYPES_H_
|
|
||||||
|
|
||||||
#define DH_KEY_SIZE 20
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
#define MAC_KEY_SIZE 16
|
|
||||||
#define PADDING_SIZE 16
|
|
||||||
|
|
||||||
#define TAG_SIZE 16
|
|
||||||
#define IV_SIZE 12
|
|
||||||
|
|
||||||
#define DERIVE_MAC_KEY 0x0
|
|
||||||
#define DERIVE_SESSION_KEY 0x1
|
|
||||||
#define DERIVE_VK1_KEY 0x3
|
|
||||||
#define DERIVE_VK2_KEY 0x4
|
|
||||||
|
|
||||||
#define CLOSED 0x0
|
|
||||||
#define IN_PROGRESS 0x1
|
|
||||||
#define ACTIVE 0x2
|
|
||||||
|
|
||||||
#define MESSAGE_EXCHANGE 0x0
|
|
||||||
#define ENCLAVE_TO_ENCLAVE_CALL 0x1
|
|
||||||
|
|
||||||
#define INVALID_ARGUMENT -2 ///< Invalid function argument
|
|
||||||
#define LOGIC_ERROR -3 ///< Functional logic error
|
|
||||||
#define FILE_NOT_FOUND -4 ///< File not found
|
|
||||||
|
|
||||||
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
|
|
||||||
|
|
||||||
#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB
|
|
||||||
|
|
||||||
typedef uint8_t dh_nonce[NONCE_SIZE];
|
|
||||||
typedef uint8_t cmac_128[MAC_SIZE];
|
|
||||||
|
|
||||||
#pragma pack(push, 1)
|
|
||||||
|
|
||||||
//Format of the AES-GCM message being exchanged between the source and the destination enclaves
|
|
||||||
typedef struct _secure_message_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Session ID identifyting the session to which the message belongs
|
|
||||||
sgx_aes_gcm_data_t message_aes_gcm_data;
|
|
||||||
}secure_message_t;
|
|
||||||
|
|
||||||
//Format of the input function parameter structure
|
|
||||||
typedef struct _ms_in_msg_exchange_t {
|
|
||||||
uint32_t msg_type; //Type of Call E2E or general message exchange
|
|
||||||
uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
|
|
||||||
uint32_t inparam_buff_len; //Length of the serialized input parameters
|
|
||||||
char inparam_buff[]; //Serialized input parameters
|
|
||||||
} ms_in_msg_exchange_t;
|
|
||||||
|
|
||||||
//Format of the return value and output function parameter structure
|
|
||||||
typedef struct _ms_out_msg_exchange_t {
|
|
||||||
uint32_t retval_len; //Length of the return value
|
|
||||||
uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
|
|
||||||
char ret_outparam_buff[]; //Serialized return value and output parameters
|
|
||||||
} ms_out_msg_exchange_t;
|
|
||||||
|
|
||||||
//Session Tracker to generate session ids
|
|
||||||
typedef struct _session_id_tracker_t
|
|
||||||
{
|
|
||||||
uint32_t session_id;
|
|
||||||
}session_id_tracker_t;
|
|
||||||
|
|
||||||
#pragma pack(pop)
|
|
||||||
|
|
||||||
#endif
|
|
|
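Review bot: `SAFE_FREE(ptr)` expands to a bare `{ ... }` block, so a call written as `if (cond) SAFE_FREE(p); else ...` fails to compile because of the `;` left after the closing brace; wrap the body in `do { ... } while (0)`. The negative constants `INVALID_ARGUMENT -2`, `LOGIC_ERROR -3` and `FILE_NOT_FOUND -4` should be parenthesised for the same macro-hygiene reason. The hunk removes the file outright (`+0,0`), so apply this only where the macros are carried into replacement code.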
@ -1,53 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef ERROR_CODES_H_
|
|
||||||
#define ERROR_CODES_H_
|
|
||||||
|
|
||||||
typedef uint32_t ATTESTATION_STATUS;
|
|
||||||
|
|
||||||
#define SUCCESS 0x00
|
|
||||||
#define INVALID_PARAMETER 0xE1
|
|
||||||
#define VALID_SESSION 0xE2
|
|
||||||
#define INVALID_SESSION 0xE3
|
|
||||||
#define ATTESTATION_ERROR 0xE4
|
|
||||||
#define ATTESTATION_SE_ERROR 0xE5
|
|
||||||
#define IPP_ERROR 0xE6
|
|
||||||
#define NO_AVAILABLE_SESSION_ERROR 0xE7
|
|
||||||
#define MALLOC_ERROR 0xE8
|
|
||||||
#define ERROR_TAG_MISMATCH 0xE9
|
|
||||||
#define OUT_BUFFER_LENGTH_ERROR 0xEA
|
|
||||||
#define INVALID_REQUEST_TYPE_ERROR 0xEB
|
|
||||||
#define INVALID_PARAMETER_ERROR 0xEC
|
|
||||||
#define ENCLAVE_TRUST_ERROR 0xED
|
|
||||||
#define ENCRYPT_DECRYPT_ERROR 0xEE
|
|
||||||
#define DUPLICATE_SESSION 0xEF
|
|
||||||
#endif
|
|
|
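Review bot: `typedef uint32_t ATTESTATION_STATUS;` is declared without including `<stdint.h>`, so the header compiles only when an earlier include has already provided the fixed-width types; add the include inside the `ERROR_CODES_H_` guard if these codes are kept anywhere. The list also defines both `INVALID_PARAMETER 0xE1` and `INVALID_PARAMETER_ERROR 0xEC`, while the message-exchange code earlier in this diff returns only `INVALID_PARAMETER_ERROR`; keeping a single name avoids callers testing for the wrong value.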
@ -1,346 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
#
|
|
||||||
# Redistribution and use in source and binary forms, with or without
|
|
||||||
# modification, are permitted provided that the following conditions
|
|
||||||
# are met:
|
|
||||||
#
|
|
||||||
# * Redistributions of source code must retain the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer.
|
|
||||||
# * Redistributions in binary form must reproduce the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer in
|
|
||||||
# the documentation and/or other materials provided with the
|
|
||||||
# distribution.
|
|
||||||
# * Neither the name of Intel Corporation nor the names of its
|
|
||||||
# contributors may be used to endorse or promote products derived
|
|
||||||
# from this software without specific prior written permission.
|
|
||||||
#
|
|
||||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
######## SGX SDK Settings ########
|
|
||||||
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= HW
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
SGX_DEBUG ?= 1
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## Library Settings ########
|
|
||||||
|
|
||||||
Trust_Lib_Name := libLocalAttestation_Trusted.a
|
|
||||||
TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
|
|
||||||
TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
|
|
||||||
TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths)
|
|
||||||
TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++
|
|
||||||
|
|
||||||
UnTrustLib_Name := libLocalAttestation_unTrusted.a
|
|
||||||
UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
|
|
||||||
UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Files := $(wildcard App/*.cpp)
|
|
||||||
App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
|
|
||||||
App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
App_Name := app
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
|
|
||||||
Enclave1_Version_Script := Enclave1/Enclave1.lds
|
|
||||||
Enclave2_Version_Script := Enclave2/Enclave2.lds
|
|
||||||
Enclave3_Version_Script := Enclave3/Enclave3.lds
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp)
|
|
||||||
Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp)
|
|
||||||
Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp)
|
|
||||||
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
|
|
||||||
|
|
||||||
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
|
|
||||||
ifeq ($(CC_BELOW_4_9), 1)
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
|
|
||||||
else
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
|
|
||||||
endif
|
|
||||||
|
|
||||||
Enclave_Compile_Flags += $(Enclave_Include_Paths)
|
|
||||||
|
|
||||||
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
|
|
||||||
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
|
|
||||||
# so that the whole content of trts is included in the enclave.
|
|
||||||
# 2. For other libraries, you just need to pull the required symbols.
|
|
||||||
# Use `--start-group' and `--end-group' to link these libraries.
|
|
||||||
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
|
|
||||||
# Otherwise, you may get some undesirable errors.
|
|
||||||
Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
|
|
||||||
Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script)
|
|
||||||
Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script)
|
|
||||||
Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script)
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name_1 := libenclave1.so
|
|
||||||
Enclave_Name_2 := libenclave2.so
|
|
||||||
Enclave_Name_3 := libenclave3.so
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = HW_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
else
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = SIM_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = SIM_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = SIM_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclaves use the following commands:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
|
|
||||||
@echo "You can also sign the enclaves using an external signing tool."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
|
|
||||||
ifeq ($(Build_Mode), HW_DEBUG)
|
|
||||||
@echo "The project has been built in debug hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_DEBUG)
|
|
||||||
@echo "The project has been built in debug simulation mode."
|
|
||||||
else ifeq ($(Build_Mode), HW_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release simulation mode."
|
|
||||||
else
|
|
||||||
@echo "The project has been built in release simulation mode."
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
.config_$(Build_Mode)_$(SGX_ARCH):
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
||||||
@touch .config_$(Build_Mode)_$(SGX_ARCH)
|
|
||||||
|
|
||||||
######## Library Objects ########
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
|
|
||||||
@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
|
|
||||||
@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
|
|
||||||
@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
|
|
||||||
@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave1_u.o: Enclave1/Enclave1_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave2_u.o: Enclave2/Enclave2_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave3_u.o: Enclave3/Enclave3_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h
|
|
||||||
@$(CXX) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_1): Enclave1.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/%.o: Enclave2/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_2): Enclave2.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/%.o: Enclave3/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_3): Enclave3.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
######## Clean ########
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
|
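Review bot: The Enclave2 and Enclave3 rules do not declare the generated header the way the Enclave1 rules do. `Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h:` lists both edger8r outputs and `Enclave1/%.o` depends on `Enclave1/Enclave1_t.h`, but `Enclave2/Enclave2_t.c:` and `Enclave3/Enclave3_t.c:` list only the .c file, and `Enclave2/%.o: Enclave2/%.cpp` and `Enclave3/%.o: Enclave3/%.cpp` have no header prerequisite. Under `make -j` an enclave .cpp can therefore be compiled before its `_t.h` exists. If this Makefile lives on anywhere after the removal, give the three enclaves the same rule shape. Separately, the `$(Enclave_Name_N)` targets sign with `EnclaveN/EnclaveN_private.pem` taken from the source tree, which should stay limited to the non-release build modes, as the HW_RELEASE branch already does.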
@ -1,29 +0,0 @@
|
||||||
---------------------------
|
|
||||||
Purpose of LocalAttestation
|
|
||||||
---------------------------
|
|
||||||
The project demonstrates:
|
|
||||||
- How to establish a protected channel
|
|
||||||
- Secret message exchange using enclave to enclave function calls
|
|
||||||
|
|
||||||
------------------------------------
|
|
||||||
How to Build/Execute the Sample Code
|
|
||||||
------------------------------------
|
|
||||||
1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS
|
|
||||||
2. Make sure your environment is set:
|
|
||||||
$ source ${sgx-sdk-install-path}/environment
|
|
||||||
3. Build the project with the prepared Makefile:
|
|
||||||
a. Hardware Mode, Debug build:
|
|
||||||
$ make
|
|
||||||
b. Hardware Mode, Pre-release build:
|
|
||||||
$ make SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
c. Hardware Mode, Release build:
|
|
||||||
$ make SGX_DEBUG=0
|
|
||||||
d. Simulation Mode, Debug build:
|
|
||||||
$ make SGX_MODE=SIM
|
|
||||||
e. Simulation Mode, Pre-release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
f. Simulation Mode, Release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_DEBUG=0
|
|
||||||
4. Execute the binary directly:
|
|
||||||
$ ./app
|
|
||||||
5. Remember to "make clean" before switching build mode
|
|
|
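Review bot: Step 4 goes straight to `./app`, but for the build that step 3c labels "Hardware Mode, Release build" the Makefile's release-hardware `all` target only produces the unsigned Enclave1.so, Enclave2.so and Enclave3.so and prints that they must be signed before the app is run. If this README is kept with the sample, add the signing step (the `sgx_sign sign -key ... -config ...` commands the Makefile echoes) between steps 3 and 4 for that mode.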
@ -1,200 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "UntrustedEnclaveMessageExchange.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
extern sgx_enclave_id_t e1_enclave_id;
|
|
||||||
|
|
||||||
//Makes an sgx_ecall to the destination enclave to get session id and message1
|
|
||||||
ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
// printf("[OCALL IPC] Generating msg1 and session_id for Enclave1\n");
|
|
||||||
// for session_id
|
|
||||||
printf("[OCALL IPC] Passing SessionID to shared memory for Enclave1\n");
|
|
||||||
key_t key_session_id = ftok("../..", 3);
|
|
||||||
int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT);
|
|
||||||
uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0);
|
|
||||||
memcpy(tmp_session_id, session_id, sizeof(uint32_t));
|
|
||||||
|
|
||||||
// for msg1
|
|
||||||
printf("[OCALL IPC] Passing message1 to shared memory for Enclave1\n");
|
|
||||||
key_t key_msg1 = ftok("../..", 2);
|
|
||||||
int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg1_t* tmp_msg1 = (sgx_dh_msg1_t *)shmat(shmid_msg1, (void*)0, 0);
|
|
||||||
memcpy(tmp_msg1, dh_msg1, sizeof(sgx_dh_msg1_t));
|
|
||||||
|
|
||||||
shmdt(tmp_msg1);
|
|
||||||
shmdt(tmp_session_id);
|
|
||||||
|
|
||||||
// let enclave1 to receive msg1
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave1 to process SessionID and message1...\n");
|
|
||||||
sleep(5);
|
|
||||||
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave
|
|
||||||
ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if (dh_msg3 == NULL)
|
|
||||||
{
|
|
||||||
// get msg2 from Enclave1
|
|
||||||
printf("[OCALL IPC] Message2 should be ready\n");
|
|
||||||
printf("[OCALL IPC] Retrieving message2 from shared memory\n");
|
|
||||||
key_t key_msg2 = ftok("../..", 4);
|
|
||||||
int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg2_t* tmp_msg2 = (sgx_dh_msg2_t *)shmat(shmid_msg2, (void*)0, 0);
|
|
||||||
memcpy(dh_msg2, tmp_msg2, sizeof(sgx_dh_msg2_t));
|
|
||||||
shmdt(tmp_msg2);
|
|
||||||
}
|
|
||||||
|
|
||||||
// ret = Enclave1_exchange_report(src_enclave_id, &status, 0, dh_msg2, dh_msg3, session_id);
|
|
||||||
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// pass msg3 to shm for Enclave
|
|
||||||
printf("[OCALL IPC] Passing message3 to shared memory for Enclave1\n");
|
|
||||||
key_t key_msg3 = ftok("../..", 5);
|
|
||||||
int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg3_t* tmp_msg3 = (sgx_dh_msg3_t *)shmat(shmid_msg3, (void*)0, 0);
|
|
||||||
memcpy(tmp_msg3, dh_msg3, sizeof(sgx_dh_msg3_t));
|
|
||||||
shmdt(tmp_msg3);
|
|
||||||
|
|
||||||
// wait for Enclave1 to process msg3
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave1 to process message3...\n");
|
|
||||||
sleep(5);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave function that generates the actual response
|
|
||||||
ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
void ocall_print_string(const char *str)
|
|
||||||
{
|
|
||||||
printf("%s", str);
|
|
||||||
}
|
|
|
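Review bot: session_request_ocall and exchange_report_ocall use the results of ftok, shmget and shmat without checking any of them, so a failed `shmat` (which returns `(void*)-1`) is passed directly to `memcpy`. The segments are created with `0666|IPC_CREAT`, which lets any local user read and write them. Nothing in this file removes them, and the `ftok("../..", n)` keys depend on the process's working directory. The two `sleep(5)` calls are the only synchronization with Enclave1. In both functions `ret` is never assigned after `sgx_status_t ret = SGX_SUCCESS;`, so the `INVALID_SESSION` branch is unreachable and they always return status 0. In send_request_ocall and end_session_ocall the `switch(temp_enclave_no)` has no `default`, so an unexpected map value also returns success. The hunk header (-1,200 +0,0) shows the file being removed. Whatever carries this IPC forward should check each call, create the segments with mode 0600, remove them with `shmctl(..., IPC_RMID, ...)` once consumed, replace the sleeps with an explicit ready signal, and return an error from the default case.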
@ -1,74 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <cstddef>
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef ULOCALATTESTATION_H_
|
|
||||||
#define ULOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string(const char *str);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
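Review bot: The include guard `#ifndef ULOCALATTESTATION_H_` opens only after the seven `#include` lines, so those headers are processed again on every inclusion; move the guard to the top of the file, directly after the license comment. The header also includes `<cstddef>` unconditionally, which makes it C++-only and leaves the `#ifdef __cplusplus` / `extern "C"` wrapper with nothing to protect; use `<stddef.h>` if C callers are intended, or drop the wrapper's conditional. The four ocall prototypes here return `uint32_t` while the definitions in the .cpp hunk above return `ATTESTATION_STATUS`; keep the two spellings identical so the declaration and definition cannot drift apart.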
@ -1,211 +0,0 @@
|
||||||
######## SGX SDK Settings ########
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= SIM
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SUPPLIED_KEY_DERIVATION), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -DSUPPLIED_KEY_DERIVATION
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
App_Cpp_Files := isv_app/isv_app.cpp ../Util/LogBase.cpp ../Networking/NetworkManager.cpp ../Networking/Session.cpp ../Networking/Server.cpp \
|
|
||||||
../Networking/Client.cpp ../Networking/NetworkManagerServer.cpp ../GoogleMessages/Messages.pb.cpp ../Networking/AbstractNetworkOps.cpp \
|
|
||||||
../Util/UtilityFunctions.cpp ../Enclave/Enclave.cpp ../MessageHandler/MessageHandler.cpp ../Util/Base64.cpp
|
|
||||||
|
|
||||||
App_Include_Paths := -I../Util -Iservice_provider -I$(SGX_SDK)/include -Iheaders -I../Networking -Iisv_app -I../GoogleMessages -I/usr/local/include -I../Enclave \
|
|
||||||
-I../MessageHandler
|
|
||||||
|
|
||||||
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Flags := $(App_C_Flags) -std=c++11 -DEnableServer
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lsgx_ukey_exchange -lpthread -Wl,-rpath=$(CURDIR)/../sample_libcrypto -Wl,-rpath=$(CURDIR) -llog4cpp -lboost_system -lssl -lcrypto -lboost_thread -lprotobuf -L /usr/local/lib -ljsoncpp
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
App_Name := app
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files := isv_enclave/isv_enclave.cpp
|
|
||||||
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/crypto_px/include -I../Enclave/
|
|
||||||
|
|
||||||
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
|
|
||||||
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
|
|
||||||
|
|
||||||
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
|
|
||||||
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
|
|
||||||
# so that the whole content of trts is included in the enclave.
|
|
||||||
# 2. For other libraries, you just need to pull the required symbols.
|
|
||||||
# Use `--start-group' and `--end-group' to link these libraries.
|
|
||||||
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
|
|
||||||
# Otherwise, you may get some undesirable errors.
|
|
||||||
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -lsgx_tkey_exchange -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0 \
|
|
||||||
-Wl,--version-script=isv_enclave/isv_enclave.lds
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name := isv_enclave.so
|
|
||||||
Signed_Enclave_Name := isv_enclave.signed.so
|
|
||||||
Enclave_Config_File := isv_enclave/isv_enclave.config.xml
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifneq ($(SGX_DEBUG), 1)
|
|
||||||
ifneq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
.PHONY: all run
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: $(App_Name) $(Enclave_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclave use the command:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
|
|
||||||
@echo "You can also sign the enclave using an external signing tool."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: $(App_Name) $(Signed_Enclave_Name)
|
|
||||||
endif
|
|
||||||
|
|
||||||
run: all
|
|
||||||
ifneq ($(Build_Mode), HW_RELEASE)
|
|
||||||
@$(CURDIR)/$(App_Name)
|
|
||||||
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
|
|
||||||
isv_app/isv_enclave_u.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
|
|
||||||
@cd isv_app && $(SGX_EDGER8R) --untrusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
isv_app/isv_enclave_u.o: isv_app/isv_enclave_u.c
|
|
||||||
@$(CC) $(App_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
isv_app/%.o: isv_app/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../MessageHandler/%.o: ../MessageHandler/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../Util/%.o: ../Util/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../Networking/%.o: ../Networking/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../Enclave/%.o: ../Enclave/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): isv_app/isv_enclave_u.o $(App_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
isv_enclave/isv_enclave_t.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
|
|
||||||
@cd isv_enclave && $(SGX_EDGER8R) --trusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
isv_enclave/isv_enclave_t.o: isv_enclave/isv_enclave_t.c
|
|
||||||
@$(CC) $(Enclave_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
isv_enclave/%.o: isv_enclave/%.cpp
|
|
||||||
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(Enclave_Name): isv_enclave/isv_enclave_t.o $(Enclave_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Signed_Enclave_Name): $(Enclave_Name)
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key isv_enclave/isv_enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects)
|
|
|
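Review bot: The `$(Signed_Enclave_Name)` rule at the end of this file signs with a key that lives in the source tree (`-key isv_enclave/isv_enclave_private.pem`), so every build outside HW_RELEASE is signed by a key that anyone with read access to the repository also holds. Take the key path from a variable that defaults to a location outside the repository, and state next to the rule that this key is for debug and simulation builds only. Separately, `clean` deletes `libservice_provider.*` and `$(ServiceProvider_Cpp_Objects)`, which no rule visible here builds; drop them if they are leftovers.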
@ -1,40 +0,0 @@
|
||||||
#include <iostream>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
#include "LogBase.h"
|
|
||||||
|
|
||||||
using namespace util;
|
|
||||||
|
|
||||||
#include "MessageHandler.h"
|
|
||||||
|
|
||||||
int Main(int argc, char* argv[]) {
|
|
||||||
LogBase::Inst();
|
|
||||||
|
|
||||||
int ret = 0;
|
|
||||||
|
|
||||||
MessageHandler msg;
|
|
||||||
msg.init();
|
|
||||||
msg.start();
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int main( int argc, char **argv ) {
|
|
||||||
try {
|
|
||||||
return Main(argc, argv);
|
|
||||||
} catch (std::exception& e) {
|
|
||||||
Log("exception: %s", e.what());
|
|
||||||
} catch (...) {
|
|
||||||
Log("unexpected exception") ;
|
|
||||||
}
|
|
||||||
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
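Review bot: In `Main`, `ret` is set to 0 and never reassigned, and nothing from `msg.init()` or `msg.start()` feeds into it, so the process exits with status 0 even when the message handler did not come up. The header `-1,40 +0,0` removes the file whole; if this entry point is carried over elsewhere, have the two calls report failure and return it. Also, `using namespace util;` sits above `#include "MessageHandler.h"`, which makes that header parse with `util` already opened; move the directive below the includes.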
@ -1,11 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
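Review bot: `<DisableDebug>0</DisableDebug>` allows the enclave to be launched in debug mode, where its memory can be read with a debugger, so a configuration carried forward from this file should not be the one used for a release signing. Keep a separate release configuration with `<DisableDebug>1</DisableDebug>`, and document how `ProdID` and `ISVSVN` (both 0 here) are meant to be bumped, since the service provider can only tell enclave versions apart through them.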
@ -1,311 +0,0 @@
|
||||||
#include <stdarg.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
#include <assert.h>
|
|
||||||
#include "isv_enclave_t.h"
|
|
||||||
#include "sgx_tkey_exchange.h"
|
|
||||||
#include "sgx_tcrypto.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
// This is the public EC key of the SP. The corresponding private EC key is
|
|
||||||
// used by the SP to sign data used in the remote attestation SIGMA protocol
|
|
||||||
// to sign channel binding data in MSG2. A successful verification of the
|
|
||||||
// signature confirms the identity of the SP to the ISV app in remote
|
|
||||||
// attestation secure channel binding. The public EC key should be hardcoded in
|
|
||||||
// the enclave or delivered in a trustworthy manner. The use of a spoofed public
|
|
||||||
// EC key in the remote attestation with secure channel binding session may lead
|
|
||||||
// to a security compromise. Every different SP the enlcave communicates to
|
|
||||||
// must have a unique SP public key. Delivery of the SP public key is
|
|
||||||
// determined by the ISV. The TKE SIGMA protocl expects an Elliptical Curve key
|
|
||||||
// based on NIST P-256
|
|
||||||
static const sgx_ec256_public_t g_sp_pub_key = {
|
|
||||||
{
|
|
||||||
0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
|
|
||||||
0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
|
|
||||||
0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
|
|
||||||
0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38
|
|
||||||
},
|
|
||||||
{
|
|
||||||
0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
|
|
||||||
0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
|
|
||||||
0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
|
|
||||||
0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06
|
|
||||||
}
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef SUPPLIED_KEY_DERIVATION
|
|
||||||
|
|
||||||
#pragma message ("Supplied key derivation function is used.")
|
|
||||||
|
|
||||||
typedef struct _hash_buffer_t {
|
|
||||||
uint8_t counter[4];
|
|
||||||
sgx_ec256_dh_shared_t shared_secret;
|
|
||||||
uint8_t algorithm_id[4];
|
|
||||||
} hash_buffer_t;
|
|
||||||
|
|
||||||
const char ID_U[] = "SGXRAENCLAVE";
|
|
||||||
const char ID_V[] = "SGXRASERVER";
|
|
||||||
|
|
||||||
// Derive two keys from shared key and key id.
|
|
||||||
bool derive_key(
|
|
||||||
const sgx_ec256_dh_shared_t *p_shared_key,
|
|
||||||
uint8_t key_id,
|
|
||||||
sgx_ec_key_128bit_t *first_derived_key,
|
|
||||||
sgx_ec_key_128bit_t *second_derived_key) {
|
|
||||||
sgx_status_t sgx_ret = SGX_SUCCESS;
|
|
||||||
hash_buffer_t hash_buffer;
|
|
||||||
sgx_sha_state_handle_t sha_context;
|
|
||||||
sgx_sha256_hash_t key_material;
|
|
||||||
|
|
||||||
memset(&hash_buffer, 0, sizeof(hash_buffer_t));
|
|
||||||
/* counter in big endian */
|
|
||||||
hash_buffer.counter[3] = key_id;
|
|
||||||
|
|
||||||
/*convert from little endian to big endian */
|
|
||||||
for (size_t i = 0; i < sizeof(sgx_ec256_dh_shared_t); i++) {
|
|
||||||
hash_buffer.shared_secret.s[i] = p_shared_key->s[sizeof(p_shared_key->s)-1 - i];
|
|
||||||
}
|
|
||||||
|
|
||||||
sgx_ret = sgx_sha256_init(&sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_update((uint8_t*)&ID_U, sizeof(ID_U), sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_update((uint8_t*)&ID_V, sizeof(ID_V), sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_get_hash(sha_context, &key_material);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_close(sha_context);
|
|
||||||
|
|
||||||
assert(sizeof(sgx_ec_key_128bit_t)* 2 == sizeof(sgx_sha256_hash_t));
|
|
||||||
memcpy(first_derived_key, &key_material, sizeof(sgx_ec_key_128bit_t));
|
|
||||||
memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sgx_ec_key_128bit_t), sizeof(sgx_ec_key_128bit_t));
|
|
||||||
|
|
||||||
// memset here can be optimized away by compiler, so please use memset_s on
|
|
||||||
// windows for production code and similar functions on other OSes.
|
|
||||||
memset(&key_material, 0, sizeof(sgx_sha256_hash_t));
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
//isv defined key derivation function id
|
|
||||||
#define ISV_KDF_ID 2
|
|
||||||
|
|
||||||
typedef enum _derive_key_type_t {
|
|
||||||
DERIVE_KEY_SMK_SK = 0,
|
|
||||||
DERIVE_KEY_MK_VK,
|
|
||||||
} derive_key_type_t;
|
|
||||||
|
|
||||||
sgx_status_t key_derivation(const sgx_ec256_dh_shared_t* shared_key,
|
|
||||||
uint16_t kdf_id,
|
|
||||||
sgx_ec_key_128bit_t* smk_key,
|
|
||||||
sgx_ec_key_128bit_t* sk_key,
|
|
||||||
sgx_ec_key_128bit_t* mk_key,
|
|
||||||
sgx_ec_key_128bit_t* vk_key) {
|
|
||||||
bool derive_ret = false;
|
|
||||||
|
|
||||||
if (NULL == shared_key) {
|
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ISV_KDF_ID != kdf_id) {
|
|
||||||
//fprintf(stderr, "\nError, key derivation id mismatch in [%s].", __FUNCTION__);
|
|
||||||
return SGX_ERROR_KDF_MISMATCH;
|
|
||||||
}
|
|
||||||
|
|
||||||
derive_ret = derive_key(shared_key, DERIVE_KEY_SMK_SK,
|
|
||||||
smk_key, sk_key);
|
|
||||||
if (derive_ret != true) {
|
|
||||||
//fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
|
|
||||||
return SGX_ERROR_UNEXPECTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
derive_ret = derive_key(shared_key, DERIVE_KEY_MK_VK,
|
|
||||||
mk_key, vk_key);
|
|
||||||
if (derive_ret != true) {
|
|
||||||
//fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
|
|
||||||
return SGX_ERROR_UNEXPECTED;
|
|
||||||
}
|
|
||||||
return SGX_SUCCESS;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
#pragma message ("Default key derivation function is used.")
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// This ecall is a wrapper of sgx_ra_init to create the trusted
|
|
||||||
// KE exchange key context needed for the remote attestation
|
|
||||||
// SIGMA API's. Input pointers aren't checked since the trusted stubs
|
|
||||||
// copy them into EPC memory.
|
|
||||||
//
|
|
||||||
// @param b_pse Indicates whether the ISV app is using the
|
|
||||||
// platform services.
|
|
||||||
// @param p_context Pointer to the location where the returned
|
|
||||||
// key context is to be copied.
|
|
||||||
//
|
|
||||||
// @return Any error return from the create PSE session if b_pse
|
|
||||||
// is true.
|
|
||||||
// @return Any error returned from the trusted key exchange API
|
|
||||||
// for creating a key context.
|
|
||||||
|
|
||||||
sgx_status_t enclave_init_ra(
|
|
||||||
int b_pse,
|
|
||||||
sgx_ra_context_t *p_context) {
|
|
||||||
// isv enclave call to trusted key exchange library.
|
|
||||||
sgx_status_t ret;
|
|
||||||
if(b_pse) {
|
|
||||||
int busy_retry_times = 2;
|
|
||||||
do {
|
|
||||||
ret = sgx_create_pse_session();
|
|
||||||
} while (ret == SGX_ERROR_BUSY && busy_retry_times--);
|
|
||||||
if (ret != SGX_SUCCESS)
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
#ifdef SUPPLIED_KEY_DERIVATION
|
|
||||||
ret = sgx_ra_init_ex(&g_sp_pub_key, b_pse, key_derivation, p_context);
|
|
||||||
#else
|
|
||||||
ret = sgx_ra_init(&g_sp_pub_key, b_pse, p_context);
|
|
||||||
#endif
|
|
||||||
if(b_pse) {
|
|
||||||
sgx_close_pse_session();
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// Closes the tKE key context used during the SIGMA key
|
|
||||||
// exchange.
|
|
||||||
//
|
|
||||||
// @param context The trusted KE library key context.
|
|
||||||
//
|
|
||||||
// @return Return value from the key context close API
|
|
||||||
|
|
||||||
sgx_status_t SGXAPI enclave_ra_close(
|
|
||||||
sgx_ra_context_t context) {
|
|
||||||
sgx_status_t ret;
|
|
||||||
ret = sgx_ra_close(context);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// Verify the mac sent in att_result_msg from the SP using the
|
|
||||||
// MK key. Input pointers aren't checked since the trusted stubs
|
|
||||||
// copy them into EPC memory.
|
|
||||||
//
|
|
||||||
//
|
|
||||||
// @param context The trusted KE library key context.
|
|
||||||
// @param p_message Pointer to the message used to produce MAC
|
|
||||||
// @param message_size Size in bytes of the message.
|
|
||||||
// @param p_mac Pointer to the MAC to compare to.
|
|
||||||
// @param mac_size Size in bytes of the MAC
|
|
||||||
//
|
|
||||||
// @return SGX_ERROR_INVALID_PARAMETER - MAC size is incorrect.
|
|
||||||
// @return Any error produced by tKE API to get SK key.
|
|
||||||
// @return Any error produced by the AESCMAC function.
|
|
||||||
// @return SGX_ERROR_MAC_MISMATCH - MAC compare fails.
|
|
||||||
|
|
||||||
sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
|
|
||||||
uint8_t* p_message,
|
|
||||||
size_t message_size,
|
|
||||||
uint8_t* p_mac,
|
|
||||||
size_t mac_size) {
|
|
||||||
sgx_status_t ret;
|
|
||||||
sgx_ec_key_128bit_t mk_key;
|
|
||||||
|
|
||||||
if(mac_size != sizeof(sgx_mac_t)) {
|
|
||||||
ret = SGX_ERROR_INVALID_PARAMETER;
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
if(message_size > UINT32_MAX) {
|
|
||||||
ret = SGX_ERROR_INVALID_PARAMETER;
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
do {
|
|
||||||
uint8_t mac[SGX_CMAC_MAC_SIZE] = {0};
|
|
||||||
|
|
||||||
ret = sgx_ra_get_keys(context, SGX_RA_KEY_MK, &mk_key);
|
|
||||||
if(SGX_SUCCESS != ret) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
ret = sgx_rijndael128_cmac_msg(&mk_key,
|
|
||||||
p_message,
|
|
||||||
(uint32_t)message_size,
|
|
||||||
&mac);
|
|
||||||
if(SGX_SUCCESS != ret) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if(0 == consttime_memequal(p_mac, mac, sizeof(mac))) {
|
|
||||||
ret = SGX_ERROR_MAC_MISMATCH;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
} while(0);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sgx_status_t verify_secret_data (
|
|
||||||
sgx_ra_context_t context,
|
|
||||||
uint8_t *p_secret,
|
|
||||||
uint32_t secret_size,
|
|
||||||
uint8_t *p_gcm_mac,
|
|
||||||
uint32_t max_verification_length,
|
|
||||||
uint8_t *p_ret) {
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
sgx_ec_key_128bit_t sk_key;
|
|
||||||
|
|
||||||
do {
|
|
||||||
ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key);
|
|
||||||
if (SGX_SUCCESS != ret) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint8_t *decrypted = (uint8_t*) malloc(sizeof(uint8_t) * secret_size);
|
|
||||||
uint8_t aes_gcm_iv[12] = {0};
|
|
||||||
|
|
||||||
ret = sgx_rijndael128GCM_decrypt(&sk_key,
|
|
||||||
p_secret,
|
|
||||||
secret_size,
|
|
||||||
decrypted,
|
|
||||||
&aes_gcm_iv[0],
|
|
||||||
12,
|
|
||||||
NULL,
|
|
||||||
0,
|
|
||||||
(const sgx_aes_gcm_128bit_tag_t *) (p_gcm_mac));
|
|
||||||
|
|
||||||
if (SGX_SUCCESS == ret) {
|
|
||||||
if (decrypted[0] == 0) {
|
|
||||||
if (decrypted[1] != 1) {
|
|
||||||
ret = SGX_ERROR_INVALID_SIGNATURE;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
ret = SGX_ERROR_UNEXPECTED;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
} while(0);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
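Review bot: In `verify_secret_data`, the buffer from `malloc(sizeof(uint8_t) * secret_size)` is never checked for NULL and never freed, and `decrypted[0]` and `decrypted[1]` are read without first requiring `secret_size >= 2`. A failed allocation or a one-byte input is dereferenced anyway, and each call leaves a plaintext-sized allocation behind on the enclave heap. Check the allocation and the length before decrypting, and clear and free `decrypted` on every exit path. The IV is a constant (`uint8_t aes_gcm_iv[12] = {0};`), which holds up only if SK encrypts exactly one message per session; state that constraint in a comment or carry the IV in the message. `max_verification_length` and `p_ret` are accepted and never used. `sk_key` and `mk_key` are left on the stack when the functions return, and `key_material` in `derive_key` is cleared with a plain `memset` that the comment above it already says can be optimised away; use `memset_s` for all three.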
@ -1,38 +0,0 @@
|
||||||
enclave {
|
|
||||||
from "sgx_tkey_exchange.edl" import *;
|
|
||||||
|
|
||||||
include "sgx_key_exchange.h"
|
|
||||||
include "sgx_trts.h"
|
|
||||||
|
|
||||||
trusted {
|
|
||||||
public sgx_status_t enclave_init_ra(int b_pse, [out] sgx_ra_context_t *p_context);
|
|
||||||
|
|
||||||
public sgx_status_t enclave_ra_close(sgx_ra_context_t context);
|
|
||||||
|
|
||||||
public sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
|
|
||||||
[in,size=message_size] uint8_t* message,
|
|
||||||
size_t message_size,
|
|
||||||
[in,size=mac_size] uint8_t* mac,
|
|
||||||
size_t mac_size);
|
|
||||||
|
|
||||||
public sgx_status_t verify_secret_data(sgx_ra_context_t context,
|
|
||||||
[in,size=secret_size] uint8_t* p_secret,
|
|
||||||
uint32_t secret_size,
|
|
||||||
[in,count=16] uint8_t* gcm_mac,
|
|
||||||
uint32_t max_verification_length,
|
|
||||||
[out, count=16] uint8_t *p_ret);
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
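Review bot: `verify_secret_data` declares `[out, count=16] uint8_t *p_ret` and `uint32_t max_verification_length`, but the implementation shown earlier on this page neither writes `p_ret` nor reads `max_verification_length`, so the untrusted caller gets back a 16-byte buffer the enclave never filled and may mistake it for a result. Remove both parameters from the interface, or document what they are meant to carry and implement it. Each extra ecall parameter is attack surface the trusted side has to reason about, so the interface should carry only what the enclave uses.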
@ -1,8 +0,0 @@
|
||||||
enclave.so {
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
|
|
||||||
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
|
|
||||||
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
|
|
||||||
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
|
|
||||||
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
|
|
||||||
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
|
|
||||||
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
|
|
||||||
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
|
|
||||||
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
|
|
||||||
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
|
|
||||||
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
|
|
||||||
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
|
|
||||||
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
|
|
||||||
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
|
|
||||||
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
|
|
||||||
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
|
|
||||||
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
|
|
||||||
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
|
|
||||||
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
|
|
||||||
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
|
|
||||||
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
|
|
||||||
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
|
|
||||||
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
|
|
||||||
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
|
|
||||||
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
|
|
||||||
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
|
|
||||||
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
|
|
||||||
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
|
|
||||||
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
|
|
||||||
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
|
|
||||||
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
|
|
||||||
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
|
|
||||||
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
|
|
||||||
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
|
|
||||||
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
|
|
||||||
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
|
|
||||||
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
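Review bot: The header `-1,39 +0,0` removes this RSA private key from the tree, but the key stays in the repository history and on this page, so it has to be treated as public from here on. The Makefile earlier in this diff signs the enclave with `isv_enclave/isv_enclave_private.pem`; any enclave signed with that key has a signer identity that anyone with the repository can reproduce. The commit should say that the key was for debug and simulation builds only and name the replacement, which should be generated outside the repository and never used for a release signing.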
@ -1,31 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFSzCCA7OgAwIBAgIJANEHdl0yo7CUMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV
|
|
||||||
BAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNV
|
|
||||||
BAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQDDCdJbnRlbCBTR1ggQXR0ZXN0
|
|
||||||
YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwIBcNMTYxMTE0MTUzNzMxWhgPMjA0OTEy
|
|
||||||
MzEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL
|
|
||||||
U2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQD
|
|
||||||
DCdJbnRlbCBTR1ggQXR0ZXN0YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwggGiMA0G
|
|
||||||
CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCfPGR+tXc8u1EtJzLA10Feu1Wg+p7e
|
|
||||||
LmSRmeaCHbkQ1TF3Nwl3RmpqXkeGzNLd69QUnWovYyVSndEMyYc3sHecGgfinEeh
|
|
||||||
rgBJSEdsSJ9FpaFdesjsxqzGRa20PYdnnfWcCTvFoulpbFR4VBuXnnVLVzkUvlXT
|
|
||||||
L/TAnd8nIZk0zZkFJ7P5LtePvykkar7LcSQO85wtcQe0R1Raf/sQ6wYKaKmFgCGe
|
|
||||||
NpEJUmg4ktal4qgIAxk+QHUxQE42sxViN5mqglB0QJdUot/o9a/V/mMeH8KvOAiQ
|
|
||||||
byinkNndn+Bgk5sSV5DFgF0DffVqmVMblt5p3jPtImzBIH0QQrXJq39AT8cRwP5H
|
|
||||||
afuVeLHcDsRp6hol4P+ZFIhu8mmbI1u0hH3W/0C2BuYXB5PC+5izFFh/nP0lc2Lf
|
|
||||||
6rELO9LZdnOhpL1ExFOq9H/B8tPQ84T3Sgb4nAifDabNt/zu6MmCGo5U8lwEFtGM
|
|
||||||
RoOaX4AS+909x00lYnmtwsDVWv9vBiJCXRsCAwEAAaOByTCBxjBgBgNVHR8EWTBX
|
|
||||||
MFWgU6BRhk9odHRwOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50
|
|
||||||
L0NSTC9TR1gvQXR0ZXN0YXRpb25SZXBvcnRTaWduaW5nQ0EuY3JsMB0GA1UdDgQW
|
|
||||||
BBR4Q3t2pn680K9+QjfrNXw7hwFRPDAfBgNVHSMEGDAWgBR4Q3t2pn680K9+Qjfr
|
|
||||||
NXw7hwFRPDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq
|
|
||||||
hkiG9w0BAQsFAAOCAYEAeF8tYMXICvQqeXYQITkV2oLJsp6J4JAqJabHWxYJHGir
|
|
||||||
IEqucRiJSSx+HjIJEUVaj8E0QjEud6Y5lNmXlcjqRXaCPOqK0eGRz6hi+ripMtPZ
|
|
||||||
sFNaBwLQVV905SDjAzDzNIDnrcnXyB4gcDFCvwDFKKgLRjOB/WAqgscDUoGq5ZVi
|
|
||||||
zLUzTqiQPmULAQaB9c6Oti6snEFJiCQ67JLyW/E83/frzCmO5Ru6WjU4tmsmy8Ra
|
|
||||||
Ud4APK0wZTGtfPXU7w+IBdG5Ez0kE1qzxGQaL4gINJ1zMyleDnbuS8UicjJijvqA
|
|
||||||
152Sq049ESDz+1rRGc2NVEqh1KaGXmtXvqxXcTB+Ljy5Bw2ke0v8iGngFBPqCTVB
|
|
||||||
3op5KBG3RjbF6RRSzwzuWfL7QErNC8WEy5yDVARzTA5+xmBc388v9Dm21HGfcC8O
|
|
||||||
DD+gT9sSpssq0ascmvH49MOgjt1yoysLtdCtJW/9FZpoOypaHx0R+mJTLwPXVMrv
|
|
||||||
DaVzWh5aiEx+idkSGMnX
|
|
||||||
-----END CERTIFICATE-----
|
|
Some files were not shown because too many files have changed in this diff