Assignment-7-sgximpl #13
174 changed files with 209 additions and 24519 deletions
81
Assignment 7 - SGX Hands-on/Makefile
Normal file
81
Assignment 7 - SGX Hands-on/Makefile
Normal file
|
@ -0,0 +1,81 @@
|
||||||
|
# Makefile for building the application
|
||||||
|
# Use:
|
||||||
|
# make - compiles both release and test binaries
|
||||||
|
# make release - compiles and runs the release binary
|
||||||
|
# make test - compiles and runs the test binary
|
||||||
|
# make clean - deletes all binaries in build/bin
|
||||||
|
# make cleaner - deltes the whole build directory
|
||||||
|
|
||||||
|
# Compiler
|
||||||
|
CC = clang
|
||||||
|
CFLAGS = -Wall -Wextra -Werror
|
||||||
|
LDFLAGS =
|
||||||
|
|
||||||
|
# Directories
|
||||||
|
SRC_DIR = src
|
||||||
|
LIB_DIR = lib
|
||||||
|
TEST_DIR = test
|
||||||
|
APP_DIR = $(SRC_DIR)/app
|
||||||
|
ENCLAVE_DIR = $(SRC_DIR)/enclave
|
||||||
|
BUILD_DIR = build
|
||||||
|
OBJ_DIR = $(BUILD_DIR)/obj
|
||||||
|
BIN_DIR = $(BUILD_DIR)/bin
|
||||||
|
|
||||||
|
# Source files
|
||||||
|
LIB_SRCS = $(wildcard $(LIB_DIR)/*.c)
|
||||||
|
APP_SRCS = $(wildcard $(APP_DIR)/*.c) $(wildcard $(ENCLAVE_DIR)/*.c)
|
||||||
|
TEST_SRCS = $(wildcard $(TEST_DIR)/*.c)
|
||||||
|
|
||||||
|
# Object files
|
||||||
|
LIB_OBJS = $(LIB_SRCS:$(LIB_DIR)/%.c=$(OBJ_DIR)/lib/%.o)
|
||||||
|
APP_OBJS = $(APP_SRCS:$(SRC_DIR)/%.c=$(OBJ_DIR)/src/%.o)
|
||||||
|
TEST_OBJS = $(TEST_SRCS:$(TEST_DIR)/%.c=$(OBJ_DIR)/test/%.o)
|
||||||
|
|
||||||
|
# Binaries
|
||||||
|
RELEASE_BIN = $(BIN_DIR)/release
|
||||||
|
TEST_BIN = $(BIN_DIR)/test
|
||||||
|
|
||||||
|
$(RELEASE_BIN): $(LIB_OBJS) $(APP_OBJS)
|
||||||
|
@mkdir -p $(BIN_DIR)
|
||||||
|
@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
|
||||||
|
|
||||||
|
$(TEST_BIN): $(LIB_OBJS) $(TEST_OBJS)
|
||||||
|
@mkdir -p $(BIN_DIR)
|
||||||
|
@$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $^
|
||||||
|
|
||||||
|
$(OBJ_DIR)/lib/%.o: $(LIB_DIR)/%.c
|
||||||
|
@mkdir -p $(dir $@)
|
||||||
|
@$(CC) $(CFLAGS) -c -o $@ $<
|
||||||
|
|
||||||
|
$(OBJ_DIR)/src/%.o: $(SRC_DIR)/%.c
|
||||||
|
@mkdir -p $(dir $@)
|
||||||
|
@$(CC) $(CFLAGS) -c -o $@ $<
|
||||||
|
|
||||||
|
$(OBJ_DIR)/test/%.o: $(TEST_DIR)/%.c
|
||||||
|
@mkdir -p $(dir $@)
|
||||||
|
@$(CC) $(CFLAGS) -c -o $@ $<
|
||||||
|
|
||||||
|
# Targets
|
||||||
|
.PHONY: all clean release test
|
||||||
|
|
||||||
|
all: release test
|
||||||
|
|
||||||
|
release: $(RELEASE_BIN) run_release
|
||||||
|
|
||||||
|
run_release:
|
||||||
|
@echo "RUNNING RELEASE"
|
||||||
|
@./$(RELEASE_BIN)
|
||||||
|
|
||||||
|
test: $(TEST_BIN) run_test
|
||||||
|
|
||||||
|
run_test:
|
||||||
|
@echo "RUNNING TESTS"
|
||||||
|
@./$(TEST_BIN)
|
||||||
|
|
||||||
|
clean:
|
||||||
|
@echo "Deleting binaries"
|
||||||
|
@rm -rf $(BIN_DIR)
|
||||||
|
|
||||||
|
cleaner:
|
||||||
|
@echo "Deleting builds"
|
||||||
|
@rm -rf $(BUILD_DIR)
|
|
@ -1,252 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <assert.h>
|
|
||||||
|
|
||||||
# include <unistd.h>
|
|
||||||
# include <pwd.h>
|
|
||||||
# define MAX_PATH FILENAME_MAX
|
|
||||||
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "App.h"
|
|
||||||
#include "Enclave_u.h"
|
|
||||||
|
|
||||||
/* Global EID shared by multiple threads */
|
|
||||||
sgx_enclave_id_t global_eid = 0;
|
|
||||||
|
|
||||||
typedef struct _sgx_errlist_t {
|
|
||||||
sgx_status_t err;
|
|
||||||
const char *msg;
|
|
||||||
const char *sug; /* Suggestion */
|
|
||||||
} sgx_errlist_t;
|
|
||||||
|
|
||||||
/* Error code returned by sgx_create_enclave */
|
|
||||||
static sgx_errlist_t sgx_errlist[] = {
|
|
||||||
{
|
|
||||||
SGX_ERROR_UNEXPECTED,
|
|
||||||
"Unexpected error occurred.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_PARAMETER,
|
|
||||||
"Invalid parameter.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_OUT_OF_MEMORY,
|
|
||||||
"Out of memory.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_ENCLAVE_LOST,
|
|
||||||
"Power transition occurred.",
|
|
||||||
"Please refer to the sample \"PowerTransition\" for details."
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_ENCLAVE,
|
|
||||||
"Invalid enclave image.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_ENCLAVE_ID,
|
|
||||||
"Invalid enclave identification.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_SIGNATURE,
|
|
||||||
"Invalid enclave signature.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_OUT_OF_EPC,
|
|
||||||
"Out of EPC memory.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_NO_DEVICE,
|
|
||||||
"Invalid SGX device.",
|
|
||||||
"Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards."
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_MEMORY_MAP_CONFLICT,
|
|
||||||
"Memory map conflicted.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_METADATA,
|
|
||||||
"Invalid enclave metadata.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_DEVICE_BUSY,
|
|
||||||
"SGX device was busy.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_VERSION,
|
|
||||||
"Enclave version was invalid.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_INVALID_ATTRIBUTE,
|
|
||||||
"Enclave was not authorized.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
{
|
|
||||||
SGX_ERROR_ENCLAVE_FILE_ACCESS,
|
|
||||||
"Can't open enclave file.",
|
|
||||||
NULL
|
|
||||||
},
|
|
||||||
};
|
|
||||||
|
|
||||||
/* Check error conditions for loading enclave */
|
|
||||||
void print_error_message(sgx_status_t ret)
|
|
||||||
{
|
|
||||||
size_t idx = 0;
|
|
||||||
size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
|
|
||||||
|
|
||||||
for (idx = 0; idx < ttl; idx++) {
|
|
||||||
if(ret == sgx_errlist[idx].err) {
|
|
||||||
if(NULL != sgx_errlist[idx].sug)
|
|
||||||
printf("Info: %s\n", sgx_errlist[idx].sug);
|
|
||||||
printf("Error: %s\n", sgx_errlist[idx].msg);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (idx == ttl)
|
|
||||||
printf("Error code is 0x%X. Please refer to the \"Intel SGX SDK Developer Reference\" for more details.\n", ret);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Initialize the enclave:
|
|
||||||
* Step 1: try to retrieve the launch token saved by last transaction
|
|
||||||
* Step 2: call sgx_create_enclave to initialize an enclave instance
|
|
||||||
* Step 3: save the launch token if it is updated
|
|
||||||
*/
|
|
||||||
int initialize_enclave(void)
|
|
||||||
{
|
|
||||||
char token_path[MAX_PATH] = {'\0'};
|
|
||||||
sgx_launch_token_t token = {0};
|
|
||||||
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
|
|
||||||
int updated = 0;
|
|
||||||
|
|
||||||
/* Step 1: try to retrieve the launch token saved by last transaction
|
|
||||||
* if there is no token, then create a new one.
|
|
||||||
*/
|
|
||||||
/* try to get the token saved in $HOME */
|
|
||||||
const char *home_dir = getpwuid(getuid())->pw_dir;
|
|
||||||
|
|
||||||
if (home_dir != NULL &&
|
|
||||||
(strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) {
|
|
||||||
/* compose the token path */
|
|
||||||
strncpy(token_path, home_dir, strlen(home_dir));
|
|
||||||
strncat(token_path, "/", strlen("/"));
|
|
||||||
strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1);
|
|
||||||
} else {
|
|
||||||
/* if token path is too long or $HOME is NULL */
|
|
||||||
strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME));
|
|
||||||
}
|
|
||||||
|
|
||||||
FILE *fp = fopen(token_path, "rb");
|
|
||||||
if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) {
|
|
||||||
printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (fp != NULL) {
|
|
||||||
/* read the token from saved file */
|
|
||||||
size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp);
|
|
||||||
if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
|
|
||||||
/* if token is invalid, clear the buffer */
|
|
||||||
memset(&token, 0x0, sizeof(sgx_launch_token_t));
|
|
||||||
printf("Warning: Invalid launch token read from \"%s\".\n", token_path);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
/* Step 2: call sgx_create_enclave to initialize an enclave instance */
|
|
||||||
/* Debug Support: set 2nd parameter to 1 */
|
|
||||||
ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL);
|
|
||||||
if (ret != SGX_SUCCESS) {
|
|
||||||
print_error_message(ret);
|
|
||||||
if (fp != NULL) fclose(fp);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Step 3: save the launch token if it is updated */
|
|
||||||
if (updated == FALSE || fp == NULL) {
|
|
||||||
/* if the token is not updated, or file handler is invalid, do not perform saving */
|
|
||||||
if (fp != NULL) fclose(fp);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* reopen the file with write capablity */
|
|
||||||
fp = freopen(token_path, "wb", fp);
|
|
||||||
if (fp == NULL) return 0;
|
|
||||||
size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp);
|
|
||||||
if (write_num != sizeof(sgx_launch_token_t))
|
|
||||||
printf("Warning: Failed to save launch token to \"%s\".\n", token_path);
|
|
||||||
fclose(fp);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* OCall functions */
|
|
||||||
void ocall_print_string(const char *str)
|
|
||||||
{
|
|
||||||
/* Proxy/Bridge will check the length and null-terminate
|
|
||||||
* the input string to prevent buffer overflow.
|
|
||||||
*/
|
|
||||||
printf("%s", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/* Application entry */
|
|
||||||
int SGX_CDECL main(int argc, char *argv[])
|
|
||||||
{
|
|
||||||
(void)(argc);
|
|
||||||
(void)(argv);
|
|
||||||
|
|
||||||
|
|
||||||
/* Initialize the enclave */
|
|
||||||
if(initialize_enclave() < 0){
|
|
||||||
printf("Enter a character before exit ...\n");
|
|
||||||
getchar();
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
printf_helloworld(global_eid);
|
|
||||||
|
|
||||||
/* Destroy the enclave */
|
|
||||||
sgx_destroy_enclave(global_eid);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef _APP_H_
|
|
||||||
#define _APP_H_
|
|
||||||
|
|
||||||
#include <assert.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <stdarg.h>
|
|
||||||
|
|
||||||
#include "sgx_error.h" /* sgx_status_t */
|
|
||||||
#include "sgx_eid.h" /* sgx_enclave_id_t */
|
|
||||||
|
|
||||||
#ifndef TRUE
|
|
||||||
# define TRUE 1
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef FALSE
|
|
||||||
# define FALSE 0
|
|
||||||
#endif
|
|
||||||
|
|
||||||
# define TOKEN_FILENAME "enclave.token"
|
|
||||||
# define ENCLAVE_FILENAME "enclave.signed.so"
|
|
||||||
|
|
||||||
extern sgx_enclave_id_t global_eid; /* global enclave id */
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* !_APP_H_ */
|
|
|
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>10</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,57 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include <stdarg.h>
|
|
||||||
#include <stdio.h> /* vsnprintf */
|
|
||||||
|
|
||||||
#include "Enclave.h"
|
|
||||||
#include "Enclave_t.h" /* print_string */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* printf:
|
|
||||||
* Invokes OCALL to display the enclave buffer to the terminal.
|
|
||||||
*/
|
|
||||||
void printf(const char *fmt, ...)
|
|
||||||
{
|
|
||||||
char buf[BUFSIZ] = {'\0'};
|
|
||||||
va_list ap;
|
|
||||||
va_start(ap, fmt);
|
|
||||||
vsnprintf(buf, BUFSIZ, fmt, ap);
|
|
||||||
va_end(ap);
|
|
||||||
ocall_print_string(buf);
|
|
||||||
}
|
|
||||||
|
|
||||||
void printf_helloworld()
|
|
||||||
{
|
|
||||||
printf("Hello World\n");
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,55 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* Enclave.edl - Top EDL file. */
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
|
|
||||||
/* Import ECALL/OCALL from sub-directory EDLs.
|
|
||||||
* [from]: specifies the location of EDL file.
|
|
||||||
* [import]: specifies the functions to import,
|
|
||||||
* [*]: implies to import all functions.
|
|
||||||
*/
|
|
||||||
|
|
||||||
trusted {
|
|
||||||
public void printf_helloworld();
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
|
||||||
* ocall_print_string - invokes OCALL to display string buffer inside the enclave.
|
|
||||||
* [in]: copy the string buffer to App outside.
|
|
||||||
* [string]: specifies 'str' is a NULL terminated buffer.
|
|
||||||
*/
|
|
||||||
untrusted {
|
|
||||||
void ocall_print_string([in, string] const char *str);
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
|
@ -1,50 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef _ENCLAVE_H_
|
|
||||||
#define _ENCLAVE_H_
|
|
||||||
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <assert.h>
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
void printf(const char *fmt, ...);
|
|
||||||
void printf_helloworld();
|
|
||||||
|
|
||||||
#if defined(__cplusplus)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif /* !_ENCLAVE_H_ */
|
|
|
@ -1,10 +0,0 @@
|
||||||
enclave.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
|
|
||||||
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
|
|
||||||
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
|
|
||||||
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
|
|
||||||
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
|
|
||||||
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
|
|
||||||
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
|
|
||||||
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
|
|
||||||
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
|
|
||||||
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
|
|
||||||
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
|
|
||||||
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
|
|
||||||
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
|
|
||||||
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
|
|
||||||
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
|
|
||||||
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
|
|
||||||
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
|
|
||||||
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
|
|
||||||
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
|
|
||||||
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
|
|
||||||
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
|
|
||||||
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
|
|
||||||
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
|
|
||||||
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
|
|
||||||
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
|
|
||||||
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
|
|
||||||
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
|
|
||||||
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
|
|
||||||
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
|
|
||||||
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
|
|
||||||
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
|
|
||||||
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
|
|
||||||
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
|
|
||||||
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
|
|
||||||
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
|
|
||||||
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
|
|
||||||
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,249 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
#
|
|
||||||
# Redistribution and use in source and binary forms, with or without
|
|
||||||
# modification, are permitted provided that the following conditions
|
|
||||||
# are met:
|
|
||||||
#
|
|
||||||
# * Redistributions of source code must retain the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer.
|
|
||||||
# * Redistributions in binary form must reproduce the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer in
|
|
||||||
# the documentation and/or other materials provided with the
|
|
||||||
# distribution.
|
|
||||||
# * Neither the name of Intel Corporation nor the names of its
|
|
||||||
# contributors may be used to endorse or promote products derived
|
|
||||||
# from this software without specific prior written permission.
|
|
||||||
#
|
|
||||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
######## SGX SDK Settings ########
|
|
||||||
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= HW
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
SGX_DEBUG ?= 1
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Files := App/App.cpp
|
|
||||||
App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include
|
|
||||||
|
|
||||||
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Flags := $(App_C_Flags) -std=c++11
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
App_Name := app
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files := Enclave/Enclave.cpp
|
|
||||||
Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx
|
|
||||||
|
|
||||||
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
|
|
||||||
ifeq ($(CC_BELOW_4_9), 1)
|
|
||||||
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
|
|
||||||
else
|
|
||||||
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
|
|
||||||
endif
|
|
||||||
|
|
||||||
Enclave_C_Flags += $(Enclave_Include_Paths)
|
|
||||||
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
|
|
||||||
|
|
||||||
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
|
|
||||||
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
|
|
||||||
# so that the whole content of trts is included in the enclave.
|
|
||||||
# 2. For other libraries, you just need to pull the required symbols.
|
|
||||||
# Use `--start-group' and `--end-group' to link these libraries.
|
|
||||||
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
|
|
||||||
# Otherwise, you may get some undesirable errors.
|
|
||||||
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections \
|
|
||||||
-Wl,--version-script=Enclave/Enclave.lds
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name := enclave.so
|
|
||||||
Signed_Enclave_Name := enclave.signed.so
|
|
||||||
Enclave_Config_File := Enclave/Enclave.config.xml
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = HW_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
else
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = SIM_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = SIM_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = SIM_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
.PHONY: all run
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Enclave_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclave use the command:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
|
|
||||||
@echo "You can also sign the enclave using an external signing tool."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Signed_Enclave_Name)
|
|
||||||
ifeq ($(Build_Mode), HW_DEBUG)
|
|
||||||
@echo "The project has been built in debug hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_DEBUG)
|
|
||||||
@echo "The project has been built in debug simulation mode."
|
|
||||||
else ifeq ($(Build_Mode), HW_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release simulation mode."
|
|
||||||
else
|
|
||||||
@echo "The project has been built in release simulation mode."
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
run: all
|
|
||||||
ifneq ($(Build_Mode), HW_RELEASE)
|
|
||||||
@$(CURDIR)/$(App_Name)
|
|
||||||
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
|
|
||||||
App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl
|
|
||||||
@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave_u.o: App/Enclave_u.c
|
|
||||||
@$(CC) $(App_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
App/%.o: App/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): App/Enclave_u.o $(App_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
.config_$(Build_Mode)_$(SGX_ARCH):
|
|
||||||
@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*
|
|
||||||
@touch .config_$(Build_Mode)_$(SGX_ARCH)
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl
|
|
||||||
@cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave/Enclave_t.o: Enclave/Enclave_t.c
|
|
||||||
@$(CC) $(Enclave_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave/%.o: Enclave/%.cpp
|
|
||||||
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Signed_Enclave_Name): $(Enclave_Name)
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*
|
|
|
@ -1,55 +0,0 @@
|
||||||
# Prerequisites
|
|
||||||
*.d
|
|
||||||
|
|
||||||
# Object files
|
|
||||||
*.o
|
|
||||||
*.ko
|
|
||||||
*.obj
|
|
||||||
*.elf
|
|
||||||
|
|
||||||
# Linker output
|
|
||||||
*.ilk
|
|
||||||
*.map
|
|
||||||
*.exp
|
|
||||||
|
|
||||||
# Precompiled Headers
|
|
||||||
*.gch
|
|
||||||
*.pch
|
|
||||||
|
|
||||||
# Libraries
|
|
||||||
*.lib
|
|
||||||
*.a
|
|
||||||
*.la
|
|
||||||
*.lo
|
|
||||||
|
|
||||||
# Shared objects (inc. Windows DLLs)
|
|
||||||
*.dll
|
|
||||||
*.so
|
|
||||||
*.so.*
|
|
||||||
*.dylib
|
|
||||||
|
|
||||||
# Executables
|
|
||||||
*.exe
|
|
||||||
*.out
|
|
||||||
*.app
|
|
||||||
*.i*86
|
|
||||||
*.x86_64
|
|
||||||
*.hex
|
|
||||||
|
|
||||||
# Debug files
|
|
||||||
*.dSYM/
|
|
||||||
*.su
|
|
||||||
*.idb
|
|
||||||
*.pdb
|
|
||||||
|
|
||||||
# Kernel Module Compile Results
|
|
||||||
*.mod*
|
|
||||||
*.cmd
|
|
||||||
.tmp_versions/
|
|
||||||
modules.order
|
|
||||||
Module.symvers
|
|
||||||
Mkfile.old
|
|
||||||
dkms.conf
|
|
||||||
|
|
||||||
# Apple .DS_Store files
|
|
||||||
.DS_Store
|
|
|
@ -1,209 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
|
|
||||||
#
|
|
||||||
# Redistribution and use in source and binary forms, with or without
|
|
||||||
# modification, are permitted provided that the following conditions
|
|
||||||
# are met:
|
|
||||||
#
|
|
||||||
# * Redistributions of source code must retain the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer.
|
|
||||||
# * Redistributions in binary form must reproduce the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer in
|
|
||||||
# the documentation and/or other materials provided with the
|
|
||||||
# distribution.
|
|
||||||
# * Neither the name of Intel Corporation nor the names of its
|
|
||||||
# contributors may be used to endorse or promote products derived
|
|
||||||
# from this software without specific prior written permission.
|
|
||||||
#
|
|
||||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
######## SGX SDK Settings ########
|
|
||||||
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= SIM
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Files := app/app.cpp app/utils.cpp
|
|
||||||
App_Include_Paths := -Iapp -I$(SGX_SDK)/include -Iinclude -Itest
|
|
||||||
|
|
||||||
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Flags := $(App_C_Flags) -std=c++11
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
App_Name := sgx-wallet
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files := enclave/enclave.cpp enclave/sealing/sealing.cpp
|
|
||||||
Enclave_Include_Paths := -Ienclave -Iinclude -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport
|
|
||||||
|
|
||||||
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
|
|
||||||
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++
|
|
||||||
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0
|
|
||||||
# -Wl,--version-script=Enclave/Enclave.lds
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name := enclave.so
|
|
||||||
Signed_Enclave_Name := enclave.signed.so
|
|
||||||
Enclave_Config_File := enclave/enclave.config.xml
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifneq ($(SGX_DEBUG), 1)
|
|
||||||
ifneq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
.PHONY: all run
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: $(App_Name) $(Enclave_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclave use the command:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
|
|
||||||
@echo "You can also sign the enclave using an external signing tool. See User's Guide for more details."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: $(App_Name) $(Signed_Enclave_Name)
|
|
||||||
endif
|
|
||||||
|
|
||||||
run: all
|
|
||||||
ifneq ($(Build_Mode), HW_RELEASE)
|
|
||||||
@$(CURDIR)/$(App_Name)
|
|
||||||
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
|
|
||||||
app/enclave_u.c: $(SGX_EDGER8R) enclave/enclave.edl
|
|
||||||
@cd app && $(SGX_EDGER8R) --untrusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
app/enclave_u.o: app/enclave_u.c
|
|
||||||
@$(CC) $(App_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
app/%.o: app/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): app/enclave_u.o $(App_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
enclave/enclave_t.c: $(SGX_EDGER8R) enclave/enclave.edl
|
|
||||||
@cd enclave && $(SGX_EDGER8R) --trusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
enclave/enclave_t.o: enclave/enclave_t.c
|
|
||||||
@$(CC) $(Enclave_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
enclave/%.o: enclave/%.cpp
|
|
||||||
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(Enclave_Name): enclave/enclave_t.o $(Enclave_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Signed_Enclave_Name): $(Enclave_Name)
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key enclave/enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) app/enclave_u.* $(Enclave_Cpp_Objects) enclave/enclave_t.*
|
|
|
@ -1,225 +0,0 @@
|
||||||
#include "enclave_u.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
|
|
||||||
#include <cstring>
|
|
||||||
#include <fstream>
|
|
||||||
#include <getopt.h>
|
|
||||||
|
|
||||||
#include "app.h"
|
|
||||||
#include "utils.h"
|
|
||||||
#include "wallet.h"
|
|
||||||
#include "enclave.h"
|
|
||||||
|
|
||||||
using namespace std;
|
|
||||||
|
|
||||||
|
|
||||||
// OCALLs implementation
|
|
||||||
int ocall_save_wallet(const uint8_t* sealed_data, const size_t sealed_size) {
|
|
||||||
ofstream file(WALLET_FILE, ios::out | ios::binary);
|
|
||||||
if (file.fail()) {return 1;}
|
|
||||||
file.write((const char*) sealed_data, sealed_size);
|
|
||||||
file.close();
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int ocall_load_wallet(uint8_t* sealed_data, const size_t sealed_size) {
|
|
||||||
ifstream file(WALLET_FILE, ios::in | ios::binary);
|
|
||||||
if (file.fail()) {return 1;}
|
|
||||||
file.read((char*) sealed_data, sealed_size);
|
|
||||||
file.close();
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
int ocall_is_wallet(void) {
|
|
||||||
ifstream file(WALLET_FILE, ios::in | ios::binary);
|
|
||||||
if (file.fail()) {return 0;} // failure means no wallet found
|
|
||||||
file.close();
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
int main(int argc, char** argv) {
|
|
||||||
|
|
||||||
sgx_enclave_id_t eid = 0;
|
|
||||||
sgx_launch_token_t token = {0};
|
|
||||||
int updated, ret;
|
|
||||||
sgx_status_t ecall_status, enclave_status;
|
|
||||||
|
|
||||||
enclave_status = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL);
|
|
||||||
if(enclave_status != SGX_SUCCESS) {
|
|
||||||
error_print("Fail to initialize enclave.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
info_print("Enclave successfully initilised.");
|
|
||||||
|
|
||||||
const char* options = "hvn:p:c:sax:y:z:r:";
|
|
||||||
opterr=0; // prevent 'getopt' from printing err messages
|
|
||||||
char err_message[100];
|
|
||||||
int opt, stop=0;
|
|
||||||
int h_flag=0, v_flag=0, s_flag=0, a_flag=0;
|
|
||||||
char * n_value=NULL, *p_value=NULL, *c_value=NULL, *x_value=NULL, *y_value=NULL, *z_value=NULL, *r_value=NULL;
|
|
||||||
|
|
||||||
// read user input
|
|
||||||
while ((opt = getopt(argc, argv, options)) != -1) {
|
|
||||||
switch (opt) {
|
|
||||||
// help
|
|
||||||
case 'h':
|
|
||||||
h_flag = 1;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// create new wallet
|
|
||||||
case 'n':
|
|
||||||
n_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// master-password
|
|
||||||
case 'p':
|
|
||||||
p_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// change master-password
|
|
||||||
case 'c':
|
|
||||||
c_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// show wallet
|
|
||||||
case 's':
|
|
||||||
s_flag = 1;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// add item
|
|
||||||
case 'a': // add item flag
|
|
||||||
a_flag = 1;
|
|
||||||
break;
|
|
||||||
case 'x': // item's title
|
|
||||||
x_value = optarg;
|
|
||||||
break;
|
|
||||||
case 'y': // item's username
|
|
||||||
y_value = optarg;
|
|
||||||
break;
|
|
||||||
case 'z': // item's password
|
|
||||||
z_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// remove item
|
|
||||||
case 'r':
|
|
||||||
r_value = optarg;
|
|
||||||
break;
|
|
||||||
|
|
||||||
// exceptions
|
|
||||||
case '?':
|
|
||||||
if (optopt == 'n' || optopt == 'p' || optopt == 'c' || optopt == 'r' ||
|
|
||||||
optopt == 'x' || optopt == 'y' || optopt == 'z'
|
|
||||||
) {
|
|
||||||
sprintf(err_message, "Option -%c requires an argument.", optopt);
|
|
||||||
}
|
|
||||||
else if (isprint(optopt)) {
|
|
||||||
sprintf(err_message, "Unknown option `-%c'.", optopt);
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
sprintf(err_message, "Unknown option character `\\x%x'.",optopt);
|
|
||||||
}
|
|
||||||
stop = 1;
|
|
||||||
error_print(err_message);
|
|
||||||
error_print("Program exiting.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
error_print("Unknown option.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// perform actions
|
|
||||||
if (stop != 1) {
|
|
||||||
// show help
|
|
||||||
if (h_flag) {
|
|
||||||
show_help();
|
|
||||||
}
|
|
||||||
|
|
||||||
// create new wallet
|
|
||||||
else if(n_value!=NULL) {
|
|
||||||
ecall_status = ecall_create_wallet(eid, &ret, n_value);
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to create new wallet.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Wallet successfully created.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// change master-password
|
|
||||||
else if (p_value!=NULL && c_value!=NULL) {
|
|
||||||
ecall_status = ecall_change_master_password(eid, &ret, p_value, c_value);
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail change master-password.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Master-password successfully changed.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// show wallet
|
|
||||||
else if(p_value!=NULL && s_flag) {
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t));
|
|
||||||
ecall_status = ecall_show_wallet(eid, &ret, p_value, wallet, sizeof(wallet_t));
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to retrieve wallet.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Wallet successfully retrieved.");
|
|
||||||
print_wallet(wallet);
|
|
||||||
}
|
|
||||||
free(wallet);
|
|
||||||
}
|
|
||||||
|
|
||||||
// add item
|
|
||||||
else if (p_value!=NULL && a_flag && x_value!=NULL && y_value!=NULL && z_value!=NULL) {
|
|
||||||
item_t* new_item = (item_t*)malloc(sizeof(item_t));
|
|
||||||
strcpy(new_item->title, x_value);
|
|
||||||
strcpy(new_item->username, y_value);
|
|
||||||
strcpy(new_item->password, z_value);
|
|
||||||
ecall_status = ecall_add_item(eid, &ret, p_value, new_item, sizeof(item_t));
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to add new item to wallet.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Item successfully added to the wallet.");
|
|
||||||
}
|
|
||||||
free(new_item);
|
|
||||||
}
|
|
||||||
|
|
||||||
// remove item
|
|
||||||
else if (p_value!=NULL && r_value!=NULL) {
|
|
||||||
char* p_end;
|
|
||||||
int index = (int)strtol(r_value, &p_end, 10);
|
|
||||||
if (r_value == p_end) {
|
|
||||||
error_print("Option -r requires an integer argument.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
ecall_status = ecall_remove_item(eid, &ret, p_value, index);
|
|
||||||
if (ecall_status != SGX_SUCCESS || is_error(ret)) {
|
|
||||||
error_print("Fail to remove item.");
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
info_print("Item successfully removed from the wallet.");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// display help
|
|
||||||
else {
|
|
||||||
error_print("Wrong inputs.");
|
|
||||||
show_help();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// destroy enclave
|
|
||||||
enclave_status = sgx_destroy_enclave(eid);
|
|
||||||
if(enclave_status != SGX_SUCCESS) {
|
|
||||||
error_print("Fail to destroy enclave.");
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
info_print("Enclave successfully destroyed.");
|
|
||||||
|
|
||||||
info_print("Program exit success.");
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
@ -1,13 +0,0 @@
|
||||||
#ifndef APP_H_
|
|
||||||
#define APP_H_
|
|
||||||
|
|
||||||
|
|
||||||
/***************************************************
|
|
||||||
* config.
|
|
||||||
***************************************************/
|
|
||||||
#define APP_NAME "sgx-wallet"
|
|
||||||
#define ENCLAVE_FILE "enclave.signed.so"
|
|
||||||
#define WALLET_FILE "wallet.seal"
|
|
||||||
|
|
||||||
|
|
||||||
#endif // APP_H_
|
|
|
@ -1,101 +0,0 @@
|
||||||
#include <stdio.h>
|
|
||||||
#include <cstring>
|
|
||||||
|
|
||||||
#include "utils.h"
|
|
||||||
#include "app.h"
|
|
||||||
#include "wallet.h"
|
|
||||||
#include "enclave.h"
|
|
||||||
|
|
||||||
void info_print(const char* str) {
|
|
||||||
printf("[INFO] %s\n", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
void warning_print(const char* str) {
|
|
||||||
printf("[WARNING] %s\n", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
void error_print(const char* str) {
|
|
||||||
printf("[ERROR] %s\n", str);
|
|
||||||
}
|
|
||||||
|
|
||||||
void print_wallet(const wallet_t* wallet) {
|
|
||||||
printf("\n-----------------------------------------\n\n");
|
|
||||||
printf("Simple password wallet based on Intel SGX.\n\n");
|
|
||||||
printf("Number of items: %lu\n\n", wallet->size);
|
|
||||||
for (int i = 0; i < wallet->size; ++i) {
|
|
||||||
printf("#%d -- %s\n", i, wallet->items[i].title);
|
|
||||||
printf("[username:] %s\n", wallet->items[i].username);
|
|
||||||
printf("[password:] %s\n", wallet->items[i].password);
|
|
||||||
printf("\n");
|
|
||||||
}
|
|
||||||
printf("\n------------------------------------------\n\n");
|
|
||||||
}
|
|
||||||
|
|
||||||
int is_error(int error_code) {
|
|
||||||
char err_message[100];
|
|
||||||
|
|
||||||
// check error case
|
|
||||||
switch(error_code) {
|
|
||||||
case RET_SUCCESS:
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
case ERR_PASSWORD_OUT_OF_RANGE:
|
|
||||||
sprintf(err_message, "Password should be at least 8 characters long and at most %d.", MAX_ITEM_SIZE);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_WALLET_ALREADY_EXISTS:
|
|
||||||
sprintf(err_message, "Wallet already exists: delete file '%s' first.", WALLET_FILE);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_CANNOT_SAVE_WALLET:
|
|
||||||
strcpy(err_message, "Coud not save wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_CANNOT_LOAD_WALLET:
|
|
||||||
strcpy(err_message, "Coud not load wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_WRONG_MASTER_PASSWORD:
|
|
||||||
strcpy(err_message, "Wrong master password.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_WALLET_FULL:
|
|
||||||
sprintf(err_message, "Wallet full (maximum number of item: %d).", MAX_ITEMS);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_ITEM_DOES_NOT_EXIST:
|
|
||||||
strcpy(err_message, "Item does not exist.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_ITEM_TOO_LONG:
|
|
||||||
sprintf(err_message, "Item too longth (maximum size: %d).", MAX_ITEM_SIZE);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_FAIL_SEAL:
|
|
||||||
sprintf(err_message, "Fail to seal wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case ERR_FAIL_UNSEAL:
|
|
||||||
sprintf(err_message, "Fail to unseal wallet.");
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
sprintf(err_message, "Unknown error.");
|
|
||||||
}
|
|
||||||
|
|
||||||
// print error message
|
|
||||||
error_print(err_message);
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
void show_help() {
|
|
||||||
const char* command = "[-h Show this screen] [-v Show version] [-s Show wallet] " \
|
|
||||||
"[-n master-password] [-p master-password -c new-master-password]" \
|
|
||||||
"[-p master-password -a -x items_title -y items_username -z toitems_password]" \
|
|
||||||
"[-p master-password -r items_index]";
|
|
||||||
printf("\nusage: %s %s\n\n", APP_NAME, command);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
#ifndef UTIL_H_
|
|
||||||
#define UTIL_H_
|
|
||||||
|
|
||||||
#include "wallet.h"
|
|
||||||
|
|
||||||
void info_print(const char* str);
|
|
||||||
|
|
||||||
void warning_print(const char* str);
|
|
||||||
|
|
||||||
void error_print(const char* str);
|
|
||||||
|
|
||||||
void print_wallet(const wallet_t* wallet);
|
|
||||||
|
|
||||||
int is_error(int error_code);
|
|
||||||
|
|
||||||
void show_help();
|
|
||||||
|
|
||||||
void show_version();
|
|
||||||
|
|
||||||
|
|
||||||
#endif // UTIL_H_
|
|
|
@ -1,12 +0,0 @@
|
||||||
<!-- Please refer to User's Guide for the explanation of each field -->
|
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>10</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,403 +0,0 @@
|
||||||
#include "enclave_t.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
#include "enclave.h"
|
|
||||||
#include "wallet.h"
|
|
||||||
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
#include "sealing/sealing.h"
|
|
||||||
|
|
||||||
int ecall_create_wallet(const char* master_password) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. check password policy
|
|
||||||
// 2. [ocall] abort if wallet already exist
|
|
||||||
// 3. create wallet
|
|
||||||
// 4. seal wallet
|
|
||||||
// 5. [ocall] save wallet
|
|
||||||
// 6. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
// 1. check passaword policy
|
|
||||||
if (strlen(master_password) < 8 || strlen(master_password)+1 > MAX_ITEM_SIZE) {
|
|
||||||
return ERR_PASSWORD_OUT_OF_RANGE;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. abort if wallet already exist
|
|
||||||
ocall_status = ocall_is_wallet(&ocall_ret);
|
|
||||||
if (ocall_ret != 0) {
|
|
||||||
return ERR_WALLET_ALREADY_EXISTS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. create new wallet
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t));
|
|
||||||
wallet->size = 0;
|
|
||||||
strncpy(wallet->master_password, master_password, strlen(master_password)+1);
|
|
||||||
|
|
||||||
|
|
||||||
// 4. seal wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 6. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Provides the wallet content. The sizes/length of
|
|
||||||
* pointers need to be specified, otherwise SGX will
|
|
||||||
* assume a count of 1 for all pointers.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_show_wallet(const char* master_password, wallet_t* wallet, size_t wallet_size) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. [ocall] load wallet
|
|
||||||
// 2. unseal wallet
|
|
||||||
// 3. verify master-password
|
|
||||||
// 4. return wallet to app
|
|
||||||
// 5. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 1. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. unseal loaded wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* unsealed_wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, unsealed_wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(unsealed_wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. verify master-password
|
|
||||||
if (strcmp(unsealed_wallet->master_password, master_password) != 0) {
|
|
||||||
free(unsealed_wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. return wallet to app
|
|
||||||
(* wallet) = *unsealed_wallet;
|
|
||||||
free(unsealed_wallet);
|
|
||||||
|
|
||||||
|
|
||||||
// 5. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Changes the wallet's master-password.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_change_master_password(const char* old_password, const char* new_password) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. check password policy
|
|
||||||
// 2. [ocall] load wallet
|
|
||||||
// 3. unseal wallet
|
|
||||||
// 4. verify old password
|
|
||||||
// 5. update password
|
|
||||||
// 6. seal wallet
|
|
||||||
// 7. [ocall] save sealed wallet
|
|
||||||
// 8. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 1. check passaword policy
|
|
||||||
if (strlen(new_password) < 8 || strlen(new_password)+1 > MAX_ITEM_SIZE) {
|
|
||||||
return ERR_PASSWORD_OUT_OF_RANGE;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. unseal wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. verify master-password
|
|
||||||
if (strcmp(wallet->master_password, old_password) != 0) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. update password
|
|
||||||
strncpy(wallet->master_password, new_password, strlen(new_password)+1);
|
|
||||||
|
|
||||||
|
|
||||||
// 6. seal wallet
|
|
||||||
sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 7. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 6. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Adds an item to the wallet. The sizes/length of
|
|
||||||
* pointers need to be specified, otherwise SGX will
|
|
||||||
* assume a count of 1 for all pointers.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_add_item(const char* master_password, const item_t* item, const size_t item_size) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. [ocall] load wallet
|
|
||||||
// 2. unseal wallet
|
|
||||||
// 3. verify master-password
|
|
||||||
// 4. check input length
|
|
||||||
// 5. add item to the wallet
|
|
||||||
// 6. seal wallet
|
|
||||||
// 7. [ocall] save sealed wallet
|
|
||||||
// 8. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 2. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. unseal wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. verify master-password
|
|
||||||
if (strcmp(wallet->master_password, master_password) != 0) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. check input length
|
|
||||||
if (strlen(item->title)+1 > MAX_ITEM_SIZE ||
|
|
||||||
strlen(item->username)+1 > MAX_ITEM_SIZE ||
|
|
||||||
strlen(item->password)+1 > MAX_ITEM_SIZE
|
|
||||||
) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_ITEM_TOO_LONG;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. add item to the wallet
|
|
||||||
size_t wallet_size = wallet->size;
|
|
||||||
if (wallet_size >= MAX_ITEMS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WALLET_FULL;
|
|
||||||
}
|
|
||||||
wallet->items[wallet_size] = *item;
|
|
||||||
++wallet->size;
|
|
||||||
|
|
||||||
|
|
||||||
// 6. seal wallet
|
|
||||||
sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 7. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 8. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Removes an item from the wallet. The sizes/length of
|
|
||||||
* pointers need to be specified, otherwise SGX will
|
|
||||||
* assume a count of 1 for all pointers.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
int ecall_remove_item(const char* master_password, const int index) {
|
|
||||||
|
|
||||||
//
|
|
||||||
// OVERVIEW:
|
|
||||||
// 1. check index bounds
|
|
||||||
// 2. [ocall] load wallet
|
|
||||||
// 3. unseal wallet
|
|
||||||
// 4. verify master-password
|
|
||||||
// 5. remove item from the wallet
|
|
||||||
// 6. seal wallet
|
|
||||||
// 7. [ocall] save sealed wallet
|
|
||||||
// 8. exit enclave
|
|
||||||
//
|
|
||||||
//
|
|
||||||
sgx_status_t ocall_status, sealing_status;
|
|
||||||
int ocall_ret;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
// 1. check index bounds
|
|
||||||
if (index < 0 || index >= MAX_ITEMS) {
|
|
||||||
return ERR_ITEM_DOES_NOT_EXIST;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 2. load wallet
|
|
||||||
size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t);
|
|
||||||
uint8_t* sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_CANNOT_LOAD_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 3. unseal wallet
|
|
||||||
uint32_t plaintext_size = sizeof(wallet_t);
|
|
||||||
wallet_t* wallet = (wallet_t*)malloc(plaintext_size);
|
|
||||||
sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_FAIL_UNSEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 4. verify master-password
|
|
||||||
if (strcmp(wallet->master_password, master_password) != 0) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_WRONG_MASTER_PASSWORD;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 5. remove item from the wallet
|
|
||||||
size_t wallet_size = wallet->size;
|
|
||||||
if (index >= wallet_size) {
|
|
||||||
free(wallet);
|
|
||||||
return ERR_ITEM_DOES_NOT_EXIST;
|
|
||||||
}
|
|
||||||
for (int i = index; i < wallet_size-1; ++i) {
|
|
||||||
wallet->items[i] = wallet->items[i+1];
|
|
||||||
}
|
|
||||||
--wallet->size;
|
|
||||||
|
|
||||||
|
|
||||||
// 6. seal wallet
|
|
||||||
sealed_data = (uint8_t*)malloc(sealed_size);
|
|
||||||
sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size);
|
|
||||||
free(wallet);
|
|
||||||
if (sealing_status != SGX_SUCCESS) {
|
|
||||||
free(sealed_data);
|
|
||||||
return ERR_FAIL_SEAL;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 7. save wallet
|
|
||||||
ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size);
|
|
||||||
free(sealed_data);
|
|
||||||
if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) {
|
|
||||||
return ERR_CANNOT_SAVE_WALLET;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// 8. exit enclave
|
|
||||||
return RET_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,53 +0,0 @@
|
||||||
enclave {
|
|
||||||
|
|
||||||
// includes
|
|
||||||
include "wallet.h"
|
|
||||||
|
|
||||||
|
|
||||||
// define ECALLs
|
|
||||||
trusted {
|
|
||||||
|
|
||||||
public int ecall_create_wallet(
|
|
||||||
[in, string]const char* master_password
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_show_wallet(
|
|
||||||
[in, string]const char* master_password,
|
|
||||||
[out, size=wallet_size] wallet_t* wallet,
|
|
||||||
size_t wallet_size
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_change_master_password(
|
|
||||||
[in, string]const char* old_password,
|
|
||||||
[in, string]const char* new_password
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_add_item(
|
|
||||||
[in, string]const char* master_password,
|
|
||||||
[in, size=item_size]const item_t* item,
|
|
||||||
size_t item_size
|
|
||||||
);
|
|
||||||
|
|
||||||
public int ecall_remove_item(
|
|
||||||
[in, string]const char* master_password,
|
|
||||||
int index
|
|
||||||
);
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
// define OCALLs
|
|
||||||
untrusted {
|
|
||||||
|
|
||||||
int ocall_save_wallet(
|
|
||||||
[in, size=sealed_size]const uint8_t* sealed_data,
|
|
||||||
size_t sealed_size
|
|
||||||
);
|
|
||||||
|
|
||||||
int ocall_load_wallet(
|
|
||||||
[out, size=sealed_size]uint8_t* sealed_data,
|
|
||||||
size_t sealed_size
|
|
||||||
);
|
|
||||||
|
|
||||||
int ocall_is_wallet(void);
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
|
|
||||||
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
|
|
||||||
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
|
|
||||||
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
|
|
||||||
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
|
|
||||||
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
|
|
||||||
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
|
|
||||||
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
|
|
||||||
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
|
|
||||||
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
|
|
||||||
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
|
|
||||||
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
|
|
||||||
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
|
|
||||||
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
|
|
||||||
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
|
|
||||||
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
|
|
||||||
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
|
|
||||||
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
|
|
||||||
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
|
|
||||||
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
|
|
||||||
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
|
|
||||||
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
|
|
||||||
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
|
|
||||||
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
|
|
||||||
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
|
|
||||||
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
|
|
||||||
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
|
|
||||||
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
|
|
||||||
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
|
|
||||||
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
|
|
||||||
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
|
|
||||||
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
|
|
||||||
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
|
|
||||||
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
|
|
||||||
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
|
|
||||||
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
|
|
||||||
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,15 +0,0 @@
|
||||||
#include "enclave_t.h"
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#include "wallet.h"
|
|
||||||
#include "sealing.h"
|
|
||||||
|
|
||||||
sgx_status_t seal_wallet(const wallet_t* wallet, sgx_sealed_data_t* sealed_data, size_t sealed_size) {
|
|
||||||
return sgx_seal_data(0, NULL, sizeof(wallet_t), (uint8_t*)wallet, sealed_size, sealed_data);
|
|
||||||
}
|
|
||||||
|
|
||||||
sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size) {
|
|
||||||
return sgx_unseal_data(sealed_data, NULL, NULL, (uint8_t*)plaintext, &plaintext_size);
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
#ifndef SEALING_H_
|
|
||||||
#define SEALING_H_
|
|
||||||
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#include "wallet.h"
|
|
||||||
|
|
||||||
sgx_status_t seal_wallet(const wallet_t* plaintext, sgx_sealed_data_t* sealed_data, size_t sealed_size);
|
|
||||||
|
|
||||||
sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size);
|
|
||||||
|
|
||||||
|
|
||||||
#endif // SEALING_H_
|
|
||||||
|
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
#ifndef ENCLAVE_H_
|
|
||||||
#define ENCLAVE_H_
|
|
||||||
|
|
||||||
|
|
||||||
/***************************************************
|
|
||||||
* Enclave return codes
|
|
||||||
***************************************************/
|
|
||||||
#define RET_SUCCESS 0
|
|
||||||
#define ERR_PASSWORD_OUT_OF_RANGE 1
|
|
||||||
#define ERR_WALLET_ALREADY_EXISTS 2
|
|
||||||
#define ERR_CANNOT_SAVE_WALLET 3
|
|
||||||
#define ERR_CANNOT_LOAD_WALLET 4
|
|
||||||
#define ERR_WRONG_MASTER_PASSWORD 5
|
|
||||||
#define ERR_WALLET_FULL 6
|
|
||||||
#define ERR_ITEM_DOES_NOT_EXIST 7
|
|
||||||
#define ERR_ITEM_TOO_LONG 8
|
|
||||||
#define ERR_FAIL_SEAL 9
|
|
||||||
#define ERR_FAIL_UNSEAL 10
|
|
||||||
|
|
||||||
|
|
||||||
#endif // ENCLAVE_H_
|
|
|
@ -1,25 +0,0 @@
|
||||||
#ifndef WALLET_H_
|
|
||||||
#define WALLET_H_
|
|
||||||
|
|
||||||
#define MAX_ITEMS 100
|
|
||||||
#define MAX_ITEM_SIZE 100
|
|
||||||
|
|
||||||
// item
|
|
||||||
struct Item {
|
|
||||||
char title[MAX_ITEM_SIZE];
|
|
||||||
char username[MAX_ITEM_SIZE];
|
|
||||||
char password[MAX_ITEM_SIZE];
|
|
||||||
};
|
|
||||||
typedef struct Item item_t;
|
|
||||||
|
|
||||||
// wallet
|
|
||||||
struct Wallet {
|
|
||||||
item_t items[MAX_ITEMS];
|
|
||||||
size_t size;
|
|
||||||
char master_password[MAX_ITEM_SIZE];
|
|
||||||
};
|
|
||||||
typedef struct Wallet wallet_t;
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#endif // WALLET_H_
|
|
|
@ -1,216 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.settings">
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug" parent="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.935873960" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.2132595457" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1678491512" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.229166714" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.81269967" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1694375039" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.742388855" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation" parent="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Release.428839196" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Release.709775329" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1866379479" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1000705250" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.301453474" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1312096753" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.596141238" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug" parent="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Debug.562917509" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Debug.2046051538" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.999277922" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.577701014" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.1898704176" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1026657138" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.393162412" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease" parent="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.2074448686" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.2016152654" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Prerelease">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1520324017" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.293910513" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.845441552" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.199398937" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.1555926498" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Release">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release" parent="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Release.1347223665" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Release.1050674831" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.987781695" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.484951388" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.945246695" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.119487102" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.593431891" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<project id="LocalAttestation.cdt.managedbuild.target.gnu.exe.872917958" name="Executable" projectType="cdt.managedbuild.target.gnu.exe"/>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
|
|
||||||
<storageModule moduleId="refreshScope" versionNumber="2">
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Release">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="scannerConfiguration">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1347223665;com.intel.sgx.compiler.945246695;com.intel.sgx.inputType.593431891">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.935873960;com.intel.sgx.compiler.81269967;com.intel.sgx.inputType.742388855">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.428839196;com.intel.sgx.compiler.301453474;com.intel.sgx.inputType.596141238">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1609650460;cdt.managedbuild.config.gnu.exe.debug.1609650460.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1644119147;cdt.managedbuild.tool.gnu.c.compiler.input.938348551">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1394873887;cdt.managedbuild.config.gnu.exe.release.1394873887.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2035356548;cdt.managedbuild.tool.gnu.c.compiler.input.793813290">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.562917509;com.intel.sgx.compiler.1898704176;com.intel.sgx.inputType.393162412">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.2074448686;com.intel.sgx.compiler.845441552;com.intel.sgx.inputType.1555926498">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
|
|
||||||
</cproject>
|
|
|
@ -1,28 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<projectDescription>
|
|
||||||
<name>LocalAttestation</name>
|
|
||||||
<comment></comment>
|
|
||||||
<projects>
|
|
||||||
</projects>
|
|
||||||
<buildSpec>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
|
|
||||||
<triggers>clean,full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
|
|
||||||
<triggers>full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
</buildSpec>
|
|
||||||
<natures>
|
|
||||||
<nature>org.eclipse.cdt.core.cnature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.core.ccnature</nature>
|
|
||||||
<nature>com.intel.sgx.sgxnature</nature>
|
|
||||||
</natures>
|
|
||||||
</projectDescription>
|
|
|
@ -1,73 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<project>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
</project>
|
|
|
@ -1,150 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// App.cpp : Defines the entry point for the console application.
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <map>
|
|
||||||
#include "../Enclave1/Enclave1_u.h"
|
|
||||||
#include "../Enclave2/Enclave2_u.h"
|
|
||||||
#include "../Enclave3/Enclave3_u.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#define __STDC_FORMAT_MACROS
|
|
||||||
#include <inttypes.h>
|
|
||||||
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
#define TCHAR char
|
|
||||||
#define _TCHAR char
|
|
||||||
#define _T(str) str
|
|
||||||
#define scanf_s scanf
|
|
||||||
#define _tmain main
|
|
||||||
|
|
||||||
extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
|
|
||||||
|
|
||||||
sgx_enclave_id_t e1_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e2_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e3_enclave_id = 0;
|
|
||||||
|
|
||||||
#define ENCLAVE1_PATH "libenclave1.so"
|
|
||||||
#define ENCLAVE2_PATH "libenclave2.so"
|
|
||||||
#define ENCLAVE3_PATH "libenclave3.so"
|
|
||||||
|
|
||||||
void waitForKeyPress()
|
|
||||||
{
|
|
||||||
char ch;
|
|
||||||
int temp;
|
|
||||||
printf("\n\nHit a key....\n");
|
|
||||||
temp = scanf_s("%c", &ch);
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t load_enclaves()
|
|
||||||
{
|
|
||||||
uint32_t enclave_temp_no;
|
|
||||||
int ret, launch_token_updated;
|
|
||||||
sgx_launch_token_t launch_token;
|
|
||||||
|
|
||||||
enclave_temp_no = 0;
|
|
||||||
|
|
||||||
ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
|
|
||||||
if (ret != SGX_SUCCESS) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
enclave_temp_no++;
|
|
||||||
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));
|
|
||||||
|
|
||||||
return SGX_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
int _tmain(int argc, _TCHAR* argv[])
|
|
||||||
{
|
|
||||||
uint32_t ret_status;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
UNUSED(argc);
|
|
||||||
UNUSED(argv);
|
|
||||||
|
|
||||||
if(load_enclaves() != SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("\nLoad Enclave Failure");
|
|
||||||
}
|
|
||||||
|
|
||||||
//printf("\nAvailable Enclaves");
|
|
||||||
//printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id);
|
|
||||||
|
|
||||||
// shared memory
|
|
||||||
key_t key = ftok("../..", 1);
|
|
||||||
int shmid = shmget(key, 1024, 0666|IPC_CREAT);
|
|
||||||
char *str = (char*)shmat(shmid, (void*)0, 0);
|
|
||||||
printf("[TEST IPC] Sending to Enclave2: Hello from Enclave1\n");
|
|
||||||
strncpy(str, "Hello from Enclave1\n", 20);
|
|
||||||
shmdt(str);
|
|
||||||
|
|
||||||
do
|
|
||||||
{
|
|
||||||
printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n");
|
|
||||||
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0);
|
|
||||||
status = SGX_SUCCESS;
|
|
||||||
if (status!=SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("[END] test_create_session Ecall failed: Error code is %x\n", status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if(ret_status==0)
|
|
||||||
{
|
|
||||||
printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n");
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#pragma warning (push)
|
|
||||||
#pragma warning (disable : 4127)
|
|
||||||
}while(0);
|
|
||||||
#pragma warning (pop)
|
|
||||||
|
|
||||||
sgx_destroy_enclave(e1_enclave_id);
|
|
||||||
|
|
||||||
waitForKeyPress();
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,367 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave1.cpp : Defines the exported functions for the .so application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave1_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e1_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
|
|
||||||
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t var1,var2;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
var1 = 0x4;
|
|
||||||
var2 = 0x5;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id of Enclave2 passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave 2
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatcher function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
(p_struct_var->var1)++;
|
|
||||||
(p_struct_var->var2)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar1)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar2)++;
|
|
||||||
|
|
||||||
return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
size_t len_data, len_ptr_data;
|
|
||||||
external_param_struct_t *p_struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
p_struct_var->p_internal_struct = &internal_struct_var;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e1_foo1(p_struct_var);
|
|
||||||
|
|
||||||
len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
|
|
||||||
len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave1.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0
|
|
||||||
c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf
|
|
||||||
RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx
|
|
||||||
YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ
|
|
||||||
oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni
|
|
||||||
U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP
|
|
||||||
RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/
|
|
||||||
Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ
|
|
||||||
5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa
|
|
||||||
brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy
|
|
||||||
d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB
|
|
||||||
3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR
|
|
||||||
YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN
|
|
||||||
Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy
|
|
||||||
/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex
|
|
||||||
4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme
|
|
||||||
KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/
|
|
||||||
gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI
|
|
||||||
4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i
|
|
||||||
tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb
|
|
||||||
9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux
|
|
||||||
EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe
|
|
||||||
bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3
|
|
||||||
OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde
|
|
||||||
rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg
|
|
||||||
OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ
|
|
||||||
cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw
|
|
||||||
gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx
|
|
||||||
E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW
|
|
||||||
h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi
|
|
||||||
qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg
|
|
||||||
1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P
|
|
||||||
cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2
|
|
||||||
Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp
|
|
||||||
teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx
|
|
||||||
SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa
|
|
||||||
mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,222 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
|
|
||||||
param_len = sizeof(var1)+sizeof(var2);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff,&var1,sizeof(var1));
|
|
||||||
memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2));
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len, ret_param_len;;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
size_t retval_len;
|
|
||||||
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ret_param_len = param_len + retval_len;
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), struct_data, len_data);
|
|
||||||
memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data);
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E1_H__
|
|
||||||
#define UTILITY_E1_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,339 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave2.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave2_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e2_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
param_struct_t *p_struct_var, struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave3
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
|
|
||||||
{
|
|
||||||
return(var1 + var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t var1,var2,ret;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
ret = e2_foo1(var1, var2);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
|
|
||||||
return MALLOC_ERROR; //can set resp buffer to null here
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave2.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
|
|
||||||
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
|
|
||||||
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
|
|
||||||
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
|
|
||||||
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
|
|
||||||
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
|
|
||||||
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
|
|
||||||
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
|
|
||||||
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
|
|
||||||
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
|
|
||||||
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
|
|
||||||
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
|
|
||||||
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
|
|
||||||
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
|
|
||||||
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
|
|
||||||
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
|
|
||||||
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
|
|
||||||
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
|
|
||||||
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
|
|
||||||
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
|
|
||||||
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
|
|
||||||
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
|
|
||||||
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
|
|
||||||
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
|
|
||||||
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
|
|
||||||
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
|
|
||||||
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
|
|
||||||
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
|
|
||||||
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
|
|
||||||
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
|
|
||||||
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
|
|
||||||
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
|
|
||||||
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
|
|
||||||
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
|
|
||||||
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
|
|
||||||
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
|
|
||||||
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,213 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
param_len = sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!var1 || !var2 || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(*var1) + sizeof(*var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(var1, buff, sizeof(*var1));
|
|
||||||
memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = retval_len; //no out parameters
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
@ -1,59 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E2_H__
|
|
||||||
#define UTILITY_E2_H__
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,366 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave3.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave3_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e3_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
external_param_struct_t *p_struct_var, struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
target_fn_id = 0;
|
|
||||||
internal_struct_var.ivar1 = 0x5;
|
|
||||||
internal_struct_var.ivar2 = 0x6;
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
struct_var.p_internal_struct = &internal_struct_var;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct);
|
|
||||||
size_t len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data,
|
|
||||||
len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info,
|
|
||||||
marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
////Un-marshal the return value and output parameters from foo1 of Enclave1
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the parameters into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e3_foo1(param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var->var1++;
|
|
||||||
p_struct_var->var2++;
|
|
||||||
|
|
||||||
return(p_struct_var->var1 * p_struct_var->var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
param_struct_t *p_struct_var;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e3_foo1(p_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave3.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
|
|
||||||
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
|
|
||||||
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
|
|
||||||
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
|
|
||||||
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
|
|
||||||
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
|
|
||||||
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
|
|
||||||
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
|
|
||||||
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
|
|
||||||
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
|
|
||||||
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
|
|
||||||
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
|
|
||||||
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
|
|
||||||
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
|
|
||||||
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
|
|
||||||
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
|
|
||||||
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
|
|
||||||
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
|
|
||||||
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
|
|
||||||
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
|
|
||||||
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
|
|
||||||
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
|
|
||||||
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
|
|
||||||
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
|
|
||||||
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
|
|
||||||
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
|
|
||||||
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
|
|
||||||
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
|
|
||||||
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
|
|
||||||
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
|
|
||||||
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
|
|
||||||
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
|
|
||||||
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
|
|
||||||
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
|
|
||||||
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
|
|
||||||
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
|
|
||||||
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,223 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
temp_buff = (char*)malloc(len_data + len_ptr_data);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, struct_data, len_data);
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = sizeof(retval) + sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,73 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E3_H__
|
|
||||||
#define UTILITY_E3_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
@ -1,68 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef _DH_SESSION_PROROCOL_H
|
|
||||||
#define _DH_SESSION_PROROCOL_H
|
|
||||||
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_key.h"
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_attributes.h"
|
|
||||||
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
|
|
||||||
#define MSG_BUF_LEN sizeof(ec_pub_t)*2
|
|
||||||
#define MSG_HASH_SZ 32
|
|
||||||
|
|
||||||
|
|
||||||
//Session information structure
|
|
||||||
typedef struct _la_dh_session_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Identifies the current session
|
|
||||||
uint32_t status; //Indicates session is in progress, active or closed
|
|
||||||
union
|
|
||||||
{
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_dh_session_t dh_session;
|
|
||||||
}in_progress;
|
|
||||||
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_key_128bit_t AEK; //Session Key
|
|
||||||
uint32_t counter; //Used to store Message Sequence Number
|
|
||||||
}active;
|
|
||||||
};
|
|
||||||
} dh_session_t;
|
|
||||||
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,726 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_utils.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tcrypto.h"
|
|
||||||
#include "LocalAttestationCode_t.h"
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define MAX_SESSION_COUNT 16
|
|
||||||
|
|
||||||
//number of open sessions
|
|
||||||
uint32_t g_session_count = 0;
|
|
||||||
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
//Array of open session ids
|
|
||||||
session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
|
|
||||||
|
|
||||||
//Map between the source enclave id and the session information associated with that particular session
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
|
|
||||||
|
|
||||||
//Create a session with the destination enclave
|
|
||||||
ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info)
|
|
||||||
{
|
|
||||||
ocall_print_string("[ECALL] create_session()\n");
|
|
||||||
sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
|
|
||||||
sgx_key_128bit_t dh_aek; // Session Key
|
|
||||||
sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
|
|
||||||
sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
|
|
||||||
uint32_t session_id;
|
|
||||||
uint32_t retstatus;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t responder_identity;
|
|
||||||
|
|
||||||
if(!session_info)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
|
|
||||||
memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
|
|
||||||
memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
|
|
||||||
memset(session_info, 0, sizeof(dh_session_t));
|
|
||||||
|
|
||||||
//Intialize the session as a session initiator
|
|
||||||
ocall_print_string("[ECALL] Initializing the session as session initiator...\n");
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Ocall to request for a session with the destination enclave and obtain session id and Message 1 if successful
|
|
||||||
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ocall_print_string("[ECALL] Processing message1 obtained from Enclave2 and generate message2\n");
|
|
||||||
status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Send Message 2 to Destination Enclave and get Message 3 in return
|
|
||||||
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Process Message 3 obtained from the destination enclave
|
|
||||||
ocall_print_string("[ECALL] Processing message3 obtained from Enclave3\n");
|
|
||||||
status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify the identity of the destination enclave
|
|
||||||
ocall_print_string("[ECALL] Verifying Encalve2(Responder)'s trust\n");
|
|
||||||
if(verify_peer_enclave_trust(&responder_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
|
|
||||||
session_info->session_id = session_id;
|
|
||||||
session_info->active.counter = 0;
|
|
||||||
session_info->status = ACTIVE;
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Handle the request from Source Enclave for a session
|
|
||||||
ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg1_t *dh_msg1,
|
|
||||||
uint32_t *session_id )
|
|
||||||
{
|
|
||||||
dh_session_t session_info;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id || !dh_msg1)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Intialize the session as a session responder
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//get a new SessionID
|
|
||||||
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
|
|
||||||
return status; //no more sessions available
|
|
||||||
|
|
||||||
//Allocate memory for the session id tracker
|
|
||||||
g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
|
|
||||||
if(!g_session_id_tracker[*session_id])
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
|
|
||||||
g_session_id_tracker[*session_id]->session_id = *session_id;
|
|
||||||
session_info.status = IN_PROGRESS;
|
|
||||||
|
|
||||||
//Generate Message1 that will be returned to Source Enclave
|
|
||||||
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(g_session_id_tracker[*session_id]);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
//Store the session information under the correspoding source enlave id key
|
|
||||||
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
|
|
||||||
ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg2_t *dh_msg2,
|
|
||||||
sgx_dh_msg3_t *dh_msg3,
|
|
||||||
uint32_t session_id)
|
|
||||||
{
|
|
||||||
|
|
||||||
sgx_key_128bit_t dh_aek; // Session key
|
|
||||||
dh_session_t *session_info;
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t initiator_identity;
|
|
||||||
|
|
||||||
if(!dh_msg2 || !dh_msg3)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
do
|
|
||||||
{
|
|
||||||
//Retreive the session information for the corresponding source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != IN_PROGRESS)
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
|
|
||||||
dh_msg3->msg3_body.additional_prop_length = 0;
|
|
||||||
//Process message 2 from source enclave and obtain message 3
|
|
||||||
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
|
|
||||||
dh_msg3,
|
|
||||||
&sgx_dh_session,
|
|
||||||
&dh_aek,
|
|
||||||
&initiator_identity);
|
|
||||||
if(SGX_SUCCESS != se_ret)
|
|
||||||
{
|
|
||||||
status = se_ret;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify source enclave's trust
|
|
||||||
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//save the session ID, status and initialize the session nonce
|
|
||||||
session_info->session_id = session_id;
|
|
||||||
session_info->status = ACTIVE;
|
|
||||||
session_info->active.counter = 0;
|
|
||||||
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
g_session_count++;
|
|
||||||
}while(0);
|
|
||||||
|
|
||||||
if(status != SUCCESS)
|
|
||||||
{
|
|
||||||
end_session(src_enclave_id);
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Request for the response size, send the request message to the destination enclave and receive the response message back
|
|
||||||
ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info,
|
|
||||||
char *inp_buff,
|
|
||||||
size_t inp_buff_len,
|
|
||||||
size_t max_out_buff_size,
|
|
||||||
char **out_buff,
|
|
||||||
size_t* out_buff_len)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
sgx_status_t status;
|
|
||||||
uint32_t retstatus;
|
|
||||||
secure_message_t* req_message;
|
|
||||||
secure_message_t* resp_message;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t max_resp_message_length;
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!session_info || !inp_buff)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
|
|
||||||
if(session_info->active.counter == ((uint32_t) - 2))
|
|
||||||
{
|
|
||||||
close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
create_session(src_enclave_id, dest_enclave_id, session_info);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the AES-GCM request message
|
|
||||||
req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
if(!req_message)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
|
|
||||||
//Set the payload size to data to encrypt length
|
|
||||||
req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Use the session nonce as the payload IV
|
|
||||||
memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Set the session ID of the message to the current session id
|
|
||||||
req_message->session_id = session_info->session_id;
|
|
||||||
|
|
||||||
//Prepare the request message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(req_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the response payload to be copied
|
|
||||||
*out_buff = (char*)malloc(max_out_buff_size);
|
|
||||||
if(!*out_buff)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(*out_buff, 0, max_out_buff_size);
|
|
||||||
|
|
||||||
//Allocate memory for the response message
|
|
||||||
resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
if(!resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
|
|
||||||
//Ocall to send the request to the Destination Enclave and get the response message back
|
|
||||||
status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
|
|
||||||
(sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
|
|
||||||
resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
|
|
||||||
|
|
||||||
if(sizeof(resp_message) > max_resp_message_length)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to process the response message from the Destination Enclave
|
|
||||||
|
|
||||||
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the response message payload
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&resp_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
|
|
||||||
if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Update the value of the session nonce in the source enclave
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
|
|
||||||
memcpy(*out_buff, decrypted_data, decrypted_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Process the request from the Source enclave and send the response message back to the Source enclave
|
|
||||||
ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
secure_message_t* req_message,
|
|
||||||
size_t req_message_size,
|
|
||||||
size_t max_payload_size,
|
|
||||||
secure_message_t* resp_message,
|
|
||||||
size_t resp_message_size)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
ms_in_msg_exchange_t * ms;
|
|
||||||
size_t resp_data_length;
|
|
||||||
size_t resp_message_calc_size;
|
|
||||||
char* resp_data;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t header_size, expected_payload_size;
|
|
||||||
dh_session_t *session_info;
|
|
||||||
secure_message_t* temp_resp_message;
|
|
||||||
uint32_t ret;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!req_message || !resp_message)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != ACTIVE)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Set the decrypted data length to the payload size obtained from the message
|
|
||||||
decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
|
|
||||||
|
|
||||||
header_size = sizeof(secure_message_t);
|
|
||||||
expected_payload_size = req_message_size - header_size;
|
|
||||||
|
|
||||||
//Verify the size of the payload
|
|
||||||
if(expected_payload_size != decrypted_data_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the request message payload from source enclave
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&req_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the request is equal to the session nonce
|
|
||||||
if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(ms->msg_type == MESSAGE_EXCHANGE)
|
|
||||||
{
|
|
||||||
//Call the generic secret response generator for message exchange
|
|
||||||
ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
|
|
||||||
{
|
|
||||||
//Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
|
|
||||||
ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_REQUEST_TYPE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if(resp_data_length > max_payload_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
|
|
||||||
|
|
||||||
if(resp_message_calc_size > resp_message_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to build the response back to the Source Enclave
|
|
||||||
temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
|
|
||||||
if(!temp_resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
|
|
||||||
temp_resp_message->session_id = session_info->session_id;
|
|
||||||
temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Increment the Session Nonce (Replay Protection)
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
//Set the response nonce as the session nonce
|
|
||||||
memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Prepare the response message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(temp_resp_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Close a current session
|
|
||||||
ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
uint32_t retstatus;
|
|
||||||
|
|
||||||
//Ocall to ask the destination enclave to end the session
|
|
||||||
status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Respond to the request from the Source Enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
int i;
|
|
||||||
dh_session_t session_info;
|
|
||||||
uint32_t session_id;
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
session_id = session_info.session_id;
|
|
||||||
//Erase the session information for the current session
|
|
||||||
g_dest_session_info_map.erase(src_enclave_id);
|
|
||||||
|
|
||||||
//Update the session id tracker
|
|
||||||
if (g_session_count > 0)
|
|
||||||
{
|
|
||||||
//check if session exists
|
|
||||||
for (i=1; i <= MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
|
|
||||||
{
|
|
||||||
memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
|
|
||||||
SAFE_FREE(g_session_id_tracker[i-1]);
|
|
||||||
g_session_count--;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Returns a new sessionID for the source destination session
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//if the session structure is untintialized, set that as the next session ID
|
|
||||||
for (int i = 0; i < MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if (g_session_id_tracker[i] == NULL)
|
|
||||||
{
|
|
||||||
*session_id = i;
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
status = NO_AVAILABLE_SESSION_ERROR;
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,54 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
|
|
||||||
#ifndef LOCALATTESTATION_H_
|
|
||||||
#define LOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
|
|
||||||
uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
|
|
||||||
uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,50 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
include "datatypes.h"
|
|
||||||
include "../Include/dh_session_protocol.h"
|
|
||||||
trusted{
|
|
||||||
public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
|
|
||||||
public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
|
|
||||||
public uint32_t end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
untrusted{
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string([in, string] const char *str);
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -1,105 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#ifndef DATATYPES_H_
|
|
||||||
#define DATATYPES_H_
|
|
||||||
|
|
||||||
#define DH_KEY_SIZE 20
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
#define MAC_KEY_SIZE 16
|
|
||||||
#define PADDING_SIZE 16
|
|
||||||
|
|
||||||
#define TAG_SIZE 16
|
|
||||||
#define IV_SIZE 12
|
|
||||||
|
|
||||||
#define DERIVE_MAC_KEY 0x0
|
|
||||||
#define DERIVE_SESSION_KEY 0x1
|
|
||||||
#define DERIVE_VK1_KEY 0x3
|
|
||||||
#define DERIVE_VK2_KEY 0x4
|
|
||||||
|
|
||||||
#define CLOSED 0x0
|
|
||||||
#define IN_PROGRESS 0x1
|
|
||||||
#define ACTIVE 0x2
|
|
||||||
|
|
||||||
#define MESSAGE_EXCHANGE 0x0
|
|
||||||
#define ENCLAVE_TO_ENCLAVE_CALL 0x1
|
|
||||||
|
|
||||||
#define INVALID_ARGUMENT -2 ///< Invalid function argument
|
|
||||||
#define LOGIC_ERROR -3 ///< Functional logic error
|
|
||||||
#define FILE_NOT_FOUND -4 ///< File not found
|
|
||||||
|
|
||||||
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
|
|
||||||
|
|
||||||
#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB
|
|
||||||
|
|
||||||
typedef uint8_t dh_nonce[NONCE_SIZE];
|
|
||||||
typedef uint8_t cmac_128[MAC_SIZE];
|
|
||||||
|
|
||||||
#pragma pack(push, 1)
|
|
||||||
|
|
||||||
//Format of the AES-GCM message being exchanged between the source and the destination enclaves
|
|
||||||
typedef struct _secure_message_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Session ID identifyting the session to which the message belongs
|
|
||||||
sgx_aes_gcm_data_t message_aes_gcm_data;
|
|
||||||
}secure_message_t;
|
|
||||||
|
|
||||||
//Format of the input function parameter structure
|
|
||||||
typedef struct _ms_in_msg_exchange_t {
|
|
||||||
uint32_t msg_type; //Type of Call E2E or general message exchange
|
|
||||||
uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
|
|
||||||
uint32_t inparam_buff_len; //Length of the serialized input parameters
|
|
||||||
char inparam_buff[]; //Serialized input parameters
|
|
||||||
} ms_in_msg_exchange_t;
|
|
||||||
|
|
||||||
//Format of the return value and output function parameter structure
|
|
||||||
typedef struct _ms_out_msg_exchange_t {
|
|
||||||
uint32_t retval_len; //Length of the return value
|
|
||||||
uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
|
|
||||||
char ret_outparam_buff[]; //Serialized return value and output parameters
|
|
||||||
} ms_out_msg_exchange_t;
|
|
||||||
|
|
||||||
//Session Tracker to generate session ids
|
|
||||||
typedef struct _session_id_tracker_t
|
|
||||||
{
|
|
||||||
uint32_t session_id;
|
|
||||||
}session_id_tracker_t;
|
|
||||||
|
|
||||||
#pragma pack(pop)
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,53 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef ERROR_CODES_H_
|
|
||||||
#define ERROR_CODES_H_
|
|
||||||
|
|
||||||
typedef uint32_t ATTESTATION_STATUS;
|
|
||||||
|
|
||||||
#define SUCCESS 0x00
|
|
||||||
#define INVALID_PARAMETER 0xE1
|
|
||||||
#define VALID_SESSION 0xE2
|
|
||||||
#define INVALID_SESSION 0xE3
|
|
||||||
#define ATTESTATION_ERROR 0xE4
|
|
||||||
#define ATTESTATION_SE_ERROR 0xE5
|
|
||||||
#define IPP_ERROR 0xE6
|
|
||||||
#define NO_AVAILABLE_SESSION_ERROR 0xE7
|
|
||||||
#define MALLOC_ERROR 0xE8
|
|
||||||
#define ERROR_TAG_MISMATCH 0xE9
|
|
||||||
#define OUT_BUFFER_LENGTH_ERROR 0xEA
|
|
||||||
#define INVALID_REQUEST_TYPE_ERROR 0xEB
|
|
||||||
#define INVALID_PARAMETER_ERROR 0xEC
|
|
||||||
#define ENCLAVE_TRUST_ERROR 0xED
|
|
||||||
#define ENCRYPT_DECRYPT_ERROR 0xEE
|
|
||||||
#define DUPLICATE_SESSION 0xEF
|
|
||||||
#endif
|
|
|
@ -1,346 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
#
|
|
||||||
# Redistribution and use in source and binary forms, with or without
|
|
||||||
# modification, are permitted provided that the following conditions
|
|
||||||
# are met:
|
|
||||||
#
|
|
||||||
# * Redistributions of source code must retain the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer.
|
|
||||||
# * Redistributions in binary form must reproduce the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer in
|
|
||||||
# the documentation and/or other materials provided with the
|
|
||||||
# distribution.
|
|
||||||
# * Neither the name of Intel Corporation nor the names of its
|
|
||||||
# contributors may be used to endorse or promote products derived
|
|
||||||
# from this software without specific prior written permission.
|
|
||||||
#
|
|
||||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
######## SGX SDK Settings ########
|
|
||||||
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= HW
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
SGX_DEBUG ?= 1
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## Library Settings ########
|
|
||||||
|
|
||||||
Trust_Lib_Name := libLocalAttestation_Trusted.a
|
|
||||||
TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
|
|
||||||
TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
|
|
||||||
TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths)
|
|
||||||
TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++
|
|
||||||
|
|
||||||
UnTrustLib_Name := libLocalAttestation_unTrusted.a
|
|
||||||
UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
|
|
||||||
UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Files := $(wildcard App/*.cpp)
|
|
||||||
App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
|
|
||||||
App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
App_Name := app
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
|
|
||||||
Enclave1_Version_Script := Enclave1/Enclave1.lds
|
|
||||||
Enclave2_Version_Script := Enclave2/Enclave2.lds
|
|
||||||
Enclave3_Version_Script := Enclave3/Enclave3.lds
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp)
|
|
||||||
Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp)
|
|
||||||
Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp)
|
|
||||||
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
|
|
||||||
|
|
||||||
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
|
|
||||||
ifeq ($(CC_BELOW_4_9), 1)
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
|
|
||||||
else
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
|
|
||||||
endif
|
|
||||||
|
|
||||||
Enclave_Compile_Flags += $(Enclave_Include_Paths)
|
|
||||||
|
|
||||||
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
|
|
||||||
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
|
|
||||||
# so that the whole content of trts is included in the enclave.
|
|
||||||
# 2. For other libraries, you just need to pull the required symbols.
|
|
||||||
# Use `--start-group' and `--end-group' to link these libraries.
|
|
||||||
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
|
|
||||||
# Otherwise, you may get some undesirable errors.
|
|
||||||
Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
|
|
||||||
Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script)
|
|
||||||
Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script)
|
|
||||||
Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script)
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name_1 := libenclave1.so
|
|
||||||
Enclave_Name_2 := libenclave2.so
|
|
||||||
Enclave_Name_3 := libenclave3.so
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = HW_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
else
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = SIM_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = SIM_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = SIM_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclaves use the following commands:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
|
|
||||||
@echo "You can also sign the enclaves using an external signing tool."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
|
|
||||||
ifeq ($(Build_Mode), HW_DEBUG)
|
|
||||||
@echo "The project has been built in debug hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_DEBUG)
|
|
||||||
@echo "The project has been built in debug simulation mode."
|
|
||||||
else ifeq ($(Build_Mode), HW_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release simulation mode."
|
|
||||||
else
|
|
||||||
@echo "The project has been built in release simulation mode."
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
.config_$(Build_Mode)_$(SGX_ARCH):
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
||||||
@touch .config_$(Build_Mode)_$(SGX_ARCH)
|
|
||||||
|
|
||||||
######## Library Objects ########
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
|
|
||||||
@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
|
|
||||||
@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
|
|
||||||
@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
|
|
||||||
@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave1_u.o: Enclave1/Enclave1_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave2_u.o: Enclave2/Enclave2_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave3_u.o: Enclave3/Enclave3_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h
|
|
||||||
@$(CXX) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_1): Enclave1.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/%.o: Enclave2/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_2): Enclave2.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/%.o: Enclave3/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_3): Enclave3.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
######## Clean ########
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
|
@ -1,29 +0,0 @@
|
||||||
---------------------------
|
|
||||||
Purpose of LocalAttestation
|
|
||||||
---------------------------
|
|
||||||
The project demonstrates:
|
|
||||||
- How to establish a protected channel
|
|
||||||
- Secret message exchange using enclave to enclave function calls
|
|
||||||
|
|
||||||
------------------------------------
|
|
||||||
How to Build/Execute the Sample Code
|
|
||||||
------------------------------------
|
|
||||||
1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS
|
|
||||||
2. Make sure your environment is set:
|
|
||||||
$ source ${sgx-sdk-install-path}/environment
|
|
||||||
3. Build the project with the prepared Makefile:
|
|
||||||
a. Hardware Mode, Debug build:
|
|
||||||
$ make
|
|
||||||
b. Hardware Mode, Pre-release build:
|
|
||||||
$ make SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
c. Hardware Mode, Release build:
|
|
||||||
$ make SGX_DEBUG=0
|
|
||||||
d. Simulation Mode, Debug build:
|
|
||||||
$ make SGX_MODE=SIM
|
|
||||||
e. Simulation Mode, Pre-release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
f. Simulation Mode, Release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_DEBUG=0
|
|
||||||
4. Execute the binary directly:
|
|
||||||
$ ./app
|
|
||||||
5. Remember to "make clean" before switching build mode
|
|
|
@ -1,194 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "UntrustedEnclaveMessageExchange.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
|
|
||||||
//Makes an sgx_ecall to the destination enclave to get session id and message1
|
|
||||||
ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
// wait for Enclave2 to fill msg1
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave2 to generate SessionID and message1...\n");
|
|
||||||
sleep(5);
|
|
||||||
|
|
||||||
printf("[OCALL IPC] SessionID and message1 should be ready\n");
|
|
||||||
|
|
||||||
// for session id
|
|
||||||
printf("[OCALL IPC] Retriving SessionID from shared memory\n");
|
|
||||||
key_t key_session_id = ftok("../..", 3);
|
|
||||||
int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT);
|
|
||||||
uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0);
|
|
||||||
memcpy(session_id, tmp_session_id, sizeof(uint32_t));
|
|
||||||
shmdt(tmp_session_id);
|
|
||||||
|
|
||||||
// for msg1
|
|
||||||
printf("[OCALL IPC] Retriving message1 from shared memory\n");
|
|
||||||
key_t key_msg1 = ftok("../..", 2);
|
|
||||||
int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg1_t *tmp_msg1 = (sgx_dh_msg1_t*)shmat(shmid_msg1, (void*)0, 0);
|
|
||||||
memcpy(dh_msg1, tmp_msg1, sizeof(sgx_dh_msg1_t));
|
|
||||||
shmdt(tmp_msg1);
|
|
||||||
|
|
||||||
ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return SUCCESS;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave
|
|
||||||
ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
// for msg2 (filled by Enclave1)
|
|
||||||
printf("[OCALL IPC] Passing message2 to shared memory for Enclave2\n");
|
|
||||||
key_t key_msg2 = ftok("../..", 4);
|
|
||||||
int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg2_t *tmp_msg2 = (sgx_dh_msg2_t*)shmat(shmid_msg2, (void*)0, 0);
|
|
||||||
memcpy(tmp_msg2, dh_msg2, sizeof(sgx_dh_msg2_t));
|
|
||||||
shmdt(tmp_msg2);
|
|
||||||
|
|
||||||
// wait for Enclave2 to process msg2
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave2 to process message2 and generate message3...\n");
|
|
||||||
sleep(5);
|
|
||||||
|
|
||||||
// retrieve msg3 (filled by Enclave2)
|
|
||||||
printf("[OCALL IPC] Message3 should be ready\n");
|
|
||||||
printf("[OCALL IPC] Retrieving message3 from shared memory\n");
|
|
||||||
key_t key_msg3 = ftok("../..", 5);
|
|
||||||
int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg3_t *tmp_msg3 = (sgx_dh_msg3_t*)shmat(shmid_msg3, (void*)0, 0);
|
|
||||||
memcpy(dh_msg3, tmp_msg3, sizeof(sgx_dh_msg3_t));
|
|
||||||
shmdt(tmp_msg3);
|
|
||||||
|
|
||||||
ret = SGX_SUCCESS;
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return SUCCESS;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave function that generates the actual response
|
|
||||||
ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
void ocall_print_string(const char *str)
|
|
||||||
{
|
|
||||||
printf("%s", str);
|
|
||||||
}
|
|
|
@ -1,74 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <cstddef>
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef ULOCALATTESTATION_H_
|
|
||||||
#define ULOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string(const char *str);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,216 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.settings">
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug" parent="com.intel.sgx.configuration.Sim.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.935873960" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.2132595457" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1678491512" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.229166714" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.81269967" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1694375039" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.742388855" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Simulation">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation" parent="com.intel.sgx.configuration.Sim.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.Sim.Release.428839196" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.Sim.Release.709775329" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.Sim.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1866379479" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1000705250" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.301453474" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1312096753" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.596141238" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug" parent="com.intel.sgx.configuration.HW.Debug">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Debug.562917509" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Debug.2046051538" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Debug">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.999277922" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.577701014" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.1898704176" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.1026657138" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.393162412" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease" parent="com.intel.sgx.configuration.HW.Prerelease">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.2074448686" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.2016152654" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Prerelease">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1520324017" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.293910513" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.845441552" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.199398937" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.1555926498" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="Intel(R) SGX Hardware Release">
|
|
||||||
<externalSettings/>
|
|
||||||
<extensions>
|
|
||||||
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
|
|
||||||
</extensions>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release" parent="com.intel.sgx.configuration.HW.Release">
|
|
||||||
<folderInfo id="com.intel.sgx.configuration.HW.Release.1347223665" name="/" resourcePath="">
|
|
||||||
<toolChain id="com.intel.sgx.toolChain.HW.Release.1050674831" name="Intel(R) SGX" superClass="com.intel.sgx.toolChain.HW.Release">
|
|
||||||
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.987781695" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
|
|
||||||
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.484951388" keepEnvironmentInBuildfile="false" name="Intel(R) Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
|
|
||||||
<tool id="com.intel.sgx.compiler.945246695" name="Intel(R) SGX" superClass="com.intel.sgx.compiler">
|
|
||||||
<option id="com.intel.sgx.option.includePath.119487102" superClass="com.intel.sgx.option.includePath" valueType="includePath">
|
|
||||||
<listOptionValue builtIn="false" value=""${SGX_SDK}/include""/>
|
|
||||||
</option>
|
|
||||||
<inputType id="com.intel.sgx.inputType.593431891" superClass="com.intel.sgx.inputType"/>
|
|
||||||
</tool>
|
|
||||||
</toolChain>
|
|
||||||
</folderInfo>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
|
|
||||||
</cconfiguration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
|
|
||||||
<project id="LocalAttestation.cdt.managedbuild.target.gnu.exe.872917958" name="Executable" projectType="cdt.managedbuild.target.gnu.exe"/>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
|
|
||||||
<storageModule moduleId="refreshScope" versionNumber="2">
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation Debug">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Simulation">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
<configuration configurationName="Intel(R) SGX Hardware Release">
|
|
||||||
<resource resourceType="PROJECT" workspacePath="/LocalAttestation"/>
|
|
||||||
</configuration>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="scannerConfiguration">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1347223665;com.intel.sgx.compiler.945246695;com.intel.sgx.inputType.593431891">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.935873960;com.intel.sgx.compiler.81269967;com.intel.sgx.inputType.742388855">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.428839196;com.intel.sgx.compiler.301453474;com.intel.sgx.inputType.596141238">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1609650460;cdt.managedbuild.config.gnu.exe.debug.1609650460.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1644119147;cdt.managedbuild.tool.gnu.c.compiler.input.938348551">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.1394873887;cdt.managedbuild.config.gnu.exe.release.1394873887.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2035356548;cdt.managedbuild.tool.gnu.c.compiler.input.793813290">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.562917509;com.intel.sgx.compiler.1898704176;com.intel.sgx.inputType.393162412">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.2074448686;com.intel.sgx.compiler.845441552;com.intel.sgx.inputType.1555926498">
|
|
||||||
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
|
|
||||||
</scannerConfigBuildInfo>
|
|
||||||
</storageModule>
|
|
||||||
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
|
|
||||||
</cproject>
|
|
|
@ -1,28 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<projectDescription>
|
|
||||||
<name>LocalAttestation</name>
|
|
||||||
<comment></comment>
|
|
||||||
<projects>
|
|
||||||
</projects>
|
|
||||||
<buildSpec>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
|
|
||||||
<triggers>clean,full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
<buildCommand>
|
|
||||||
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
|
|
||||||
<triggers>full,incremental,</triggers>
|
|
||||||
<arguments>
|
|
||||||
</arguments>
|
|
||||||
</buildCommand>
|
|
||||||
</buildSpec>
|
|
||||||
<natures>
|
|
||||||
<nature>org.eclipse.cdt.core.cnature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
|
|
||||||
<nature>org.eclipse.cdt.core.ccnature</nature>
|
|
||||||
<nature>com.intel.sgx.sgxnature</nature>
|
|
||||||
</natures>
|
|
||||||
</projectDescription>
|
|
|
@ -1,73 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
|
||||||
<project>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Debug" name="Intel(R) SGX Simulation Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.Sim.Release" name="Intel(R) SGX Simulation">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Debug" name="Intel(R) SGX Hardware Debug">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Prerelease" name="Intel(R) SGX Hardware Prerelease">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
<configuration id="com.intel.sgx.configuration.HW.Release" name="Intel(R) SGX Hardware Release">
|
|
||||||
<extension point="org.eclipse.cdt.core.LanguageSettingsProvider">
|
|
||||||
<provider class="org.eclipse.cdt.core.language.settings.providers.LanguageSettingsGenericProvider" id="org.eclipse.cdt.ui.UserLanguageSettingsProvider" name="CDT User Setting Entries" prefer-non-shared="true" store-entries-with-project="true">
|
|
||||||
<resource project-relative-path="">
|
|
||||||
<entry kind="includePath" name="${SGX_SDK}/include">
|
|
||||||
<flag value="LOCAL"/>
|
|
||||||
</entry>
|
|
||||||
</resource>
|
|
||||||
</provider>
|
|
||||||
<provider-reference id="org.eclipse.cdt.core.ReferencedProjectsLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.MBSLanguageSettingsProvider" ref="shared-provider"/>
|
|
||||||
<provider-reference id="org.eclipse.cdt.managedbuilder.core.GCCBuiltinSpecsDetector" ref="shared-provider"/>
|
|
||||||
</extension>
|
|
||||||
</configuration>
|
|
||||||
</project>
|
|
|
@ -1,151 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// App.cpp : Defines the entry point for the console application.
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <map>
|
|
||||||
#include "../Enclave1/Enclave1_u.h"
|
|
||||||
#include "../Enclave2/Enclave2_u.h"
|
|
||||||
#include "../Enclave3/Enclave3_u.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#define __STDC_FORMAT_MACROS
|
|
||||||
#include <inttypes.h>
|
|
||||||
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
#define TCHAR char
|
|
||||||
#define _TCHAR char
|
|
||||||
#define _T(str) str
|
|
||||||
#define scanf_s scanf
|
|
||||||
#define _tmain main
|
|
||||||
|
|
||||||
extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
|
|
||||||
|
|
||||||
sgx_enclave_id_t e1_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e2_enclave_id = 0;
|
|
||||||
sgx_enclave_id_t e3_enclave_id = 0;
|
|
||||||
|
|
||||||
#define ENCLAVE1_PATH "libenclave1.so"
|
|
||||||
#define ENCLAVE2_PATH "libenclave2.so"
|
|
||||||
#define ENCLAVE3_PATH "libenclave3.so"
|
|
||||||
|
|
||||||
void waitForKeyPress()
|
|
||||||
{
|
|
||||||
char ch;
|
|
||||||
int temp;
|
|
||||||
printf("\n\nHit a key....\n");
|
|
||||||
temp = scanf_s("%c", &ch);
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t load_enclaves()
|
|
||||||
{
|
|
||||||
uint32_t enclave_temp_no;
|
|
||||||
int ret, launch_token_updated;
|
|
||||||
sgx_launch_token_t launch_token;
|
|
||||||
|
|
||||||
enclave_temp_no = 0;
|
|
||||||
|
|
||||||
ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
|
|
||||||
if (ret != SGX_SUCCESS) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
enclave_temp_no++;
|
|
||||||
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));
|
|
||||||
|
|
||||||
return SGX_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
int _tmain(int argc, _TCHAR* argv[])
|
|
||||||
{
|
|
||||||
uint32_t ret_status;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
UNUSED(argc);
|
|
||||||
UNUSED(argv);
|
|
||||||
|
|
||||||
if(load_enclaves() != SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("\nLoad Enclave Failure");
|
|
||||||
}
|
|
||||||
|
|
||||||
//printf("\nAvailable Enclaves");
|
|
||||||
//printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id);
|
|
||||||
|
|
||||||
// shared memory between Enlave1 and Enclave2 to pass data
|
|
||||||
key_t key = ftok("../..", 1);
|
|
||||||
int shmid = shmget(key, 1024, 0666 | IPC_CREAT);
|
|
||||||
char *str = (char*)shmat(shmid, (void*)0, 0);
|
|
||||||
|
|
||||||
printf("[TEST IPC] Receiving from Enclave1: %s", str);
|
|
||||||
|
|
||||||
shmdt(str);
|
|
||||||
shmctl(shmid, IPC_RMID, NULL);
|
|
||||||
|
|
||||||
do
|
|
||||||
{
|
|
||||||
printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n");
|
|
||||||
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0);
|
|
||||||
if (status!=SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
printf("[END] test_create_session Ecall failed: Error code is %x\n", status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
if(ret_status==0)
|
|
||||||
{
|
|
||||||
printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n");
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#pragma warning (push)
|
|
||||||
#pragma warning (disable : 4127)
|
|
||||||
}while(0);
|
|
||||||
#pragma warning (pop)
|
|
||||||
|
|
||||||
sgx_destroy_enclave(e1_enclave_id);
|
|
||||||
|
|
||||||
waitForKeyPress();
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,367 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave1.cpp : Defines the exported functions for the .so application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave1_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e1_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
|
|
||||||
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t var1,var2;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
var1 = 0x4;
|
|
||||||
var2 = 0x5;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id of Enclave2 passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave 2
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatcher function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
(p_struct_var->var1)++;
|
|
||||||
(p_struct_var->var2)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar1)++;
|
|
||||||
(p_struct_var->p_internal_struct->ivar2)++;
|
|
||||||
|
|
||||||
return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
size_t len_data, len_ptr_data;
|
|
||||||
external_param_struct_t *p_struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
p_struct_var->p_internal_struct = &internal_struct_var;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e1_foo1(p_struct_var);
|
|
||||||
|
|
||||||
len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
|
|
||||||
len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave1.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0
|
|
||||||
c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf
|
|
||||||
RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx
|
|
||||||
YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ
|
|
||||||
oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni
|
|
||||||
U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP
|
|
||||||
RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/
|
|
||||||
Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ
|
|
||||||
5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa
|
|
||||||
brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy
|
|
||||||
d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB
|
|
||||||
3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR
|
|
||||||
YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN
|
|
||||||
Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy
|
|
||||||
/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex
|
|
||||||
4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme
|
|
||||||
KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/
|
|
||||||
gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI
|
|
||||||
4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i
|
|
||||||
tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb
|
|
||||||
9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux
|
|
||||||
EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe
|
|
||||||
bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3
|
|
||||||
OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde
|
|
||||||
rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg
|
|
||||||
OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ
|
|
||||||
cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw
|
|
||||||
gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx
|
|
||||||
E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW
|
|
||||||
h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi
|
|
||||||
qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg
|
|
||||||
1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P
|
|
||||||
cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2
|
|
||||||
Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp
|
|
||||||
teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx
|
|
||||||
SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa
|
|
||||||
mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,222 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E1.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
|
|
||||||
param_len = sizeof(var1)+sizeof(var2);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff,&var1,sizeof(var1));
|
|
||||||
memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2));
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1));
|
|
||||||
memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len, ret_param_len;;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
size_t retval_len;
|
|
||||||
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ret_param_len = param_len + retval_len;
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), struct_data, len_data);
|
|
||||||
memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data);
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,65 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E1_H__
|
|
||||||
#define UTILITY_E1_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,339 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave2.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave2_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e2_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
param_struct_t *p_struct_var, struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the return value and output parameters from foo1 of Enclave3
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the secret data into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
|
|
||||||
{
|
|
||||||
return(var1 + var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t var1,var2,ret;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
ret = e2_foo1(var1, var2);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
|
|
||||||
return MALLOC_ERROR; //can set resp buffer to null here
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
@ -1,43 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave2.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
|
|
||||||
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
|
|
||||||
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
|
|
||||||
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
|
|
||||||
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
|
|
||||||
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
|
|
||||||
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
|
|
||||||
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
|
|
||||||
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
|
|
||||||
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
|
|
||||||
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
|
|
||||||
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
|
|
||||||
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
|
|
||||||
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
|
|
||||||
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
|
|
||||||
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
|
|
||||||
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
|
|
||||||
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
|
|
||||||
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
|
|
||||||
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
|
|
||||||
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
|
|
||||||
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
|
|
||||||
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
|
|
||||||
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
|
|
||||||
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
|
|
||||||
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
|
|
||||||
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
|
|
||||||
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
|
|
||||||
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
|
|
||||||
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
|
|
||||||
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
|
|
||||||
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
|
|
||||||
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
|
|
||||||
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
|
|
||||||
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
|
|
||||||
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
|
|
||||||
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,213 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E2.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
param_len = sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!var1 || !var2 || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(*var1) + sizeof(*var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(var1, buff, sizeof(*var1));
|
|
||||||
memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = retval_len; //no out parameters
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
@ -1,59 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E2_H__
|
|
||||||
#define UTILITY_E2_H__
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,366 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
// Enclave3.cpp : Defines the exported functions for the DLL application
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "Enclave3_t.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
|
|
||||||
#define UNUSED(val) (void)(val)
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
||||||
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
||||||
|
|
||||||
//Function pointer table containing the list of functions that the enclave exposes
|
|
||||||
const struct {
|
|
||||||
size_t num_funcs;
|
|
||||||
const void* table[1];
|
|
||||||
} func_table = {
|
|
||||||
1,
|
|
||||||
{
|
|
||||||
(const void*)e3_foo1_wrapper,
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
||||||
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
//Core reference code function for creating a session
|
|
||||||
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
||||||
if(ke_status == SUCCESS)
|
|
||||||
{
|
|
||||||
//Insert the session information into the map under the corresponding destination enclave id
|
|
||||||
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
||||||
}
|
|
||||||
memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
||||||
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
external_param_struct_t *p_struct_var, struct_var;
|
|
||||||
internal_param_struct_t internal_struct_var;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* retval;
|
|
||||||
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
||||||
target_fn_id = 0;
|
|
||||||
internal_struct_var.ivar1 = 0x5;
|
|
||||||
internal_struct_var.ivar2 = 0x6;
|
|
||||||
struct_var.var1 = 0x3;
|
|
||||||
struct_var.var2 = 0x4;
|
|
||||||
struct_var.p_internal_struct = &internal_struct_var;
|
|
||||||
p_struct_var = &struct_var;
|
|
||||||
|
|
||||||
size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct);
|
|
||||||
size_t len_ptr_data = sizeof(internal_struct_var);
|
|
||||||
|
|
||||||
//Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer
|
|
||||||
ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data,
|
|
||||||
len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info,
|
|
||||||
marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
////Un-marshal the return value and output parameters from foo1 of Enclave1
|
|
||||||
ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(retval);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
||||||
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
uint32_t target_fn_id, msg_type;
|
|
||||||
char* marshalled_inp_buff;
|
|
||||||
size_t marshalled_inp_buff_len;
|
|
||||||
char* out_buff;
|
|
||||||
size_t out_buff_len;
|
|
||||||
dh_session_t *dest_session_info;
|
|
||||||
size_t max_out_buff_size;
|
|
||||||
char* secret_response;
|
|
||||||
uint32_t secret_data;
|
|
||||||
|
|
||||||
target_fn_id = 0;
|
|
||||||
msg_type = MESSAGE_EXCHANGE;
|
|
||||||
max_out_buff_size = 50;
|
|
||||||
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
||||||
|
|
||||||
//Marshals the parameters into a buffer
|
|
||||||
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Core Reference Code function
|
|
||||||
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
||||||
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
||||||
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
//Un-marshal the secret response data
|
|
||||||
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
||||||
if(ke_status != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SAFE_FREE(marshalled_inp_buff);
|
|
||||||
SAFE_FREE(out_buff);
|
|
||||||
SAFE_FREE(secret_response);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Makes use of the sample code function to close a current session
|
|
||||||
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
dh_session_t dest_session_info;
|
|
||||||
ATTESTATION_STATUS ke_status = SUCCESS;
|
|
||||||
//Search the map for the session information associated with the destination enclave id passed in
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
||||||
if(it != g_src_session_info_map.end())
|
|
||||||
{
|
|
||||||
dest_session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return NULL;
|
|
||||||
}
|
|
||||||
//Core reference code function for closing a session
|
|
||||||
ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
|
|
||||||
//Erase the session information associated with the destination enclave id
|
|
||||||
g_src_session_info_map.erase(dest_enclave_id);
|
|
||||||
return ke_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function that is used to verify the trust of the other enclave
|
|
||||||
//Each enclave can have its own way verifying the peer enclave identity
|
|
||||||
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
||||||
{
|
|
||||||
if(!peer_enclave_identity)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
|
|
||||||
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
|
|
||||||
{
|
|
||||||
return ENCLAVE_TRUST_ERROR;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Dispatch function that calls the approriate enclave function based on the function id
|
|
||||||
//Each enclave can have its own way of dispatching the calls from other enclave
|
|
||||||
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
||||||
size_t decrypted_data_length,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
if(ms->target_fn_id >= func_table.num_funcs)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
||||||
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Operates on the input secret and generates the output secret
|
|
||||||
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
||||||
{
|
|
||||||
uint32_t secret_response;
|
|
||||||
|
|
||||||
//User should use more complex encryption method to protect their secret, below is just a simple example
|
|
||||||
secret_response = inp_secret_data & 0x11111111;
|
|
||||||
|
|
||||||
return secret_response;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Generates the response from the request message
|
|
||||||
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
uint32_t inp_secret_data;
|
|
||||||
uint32_t out_secret_data;
|
|
||||||
if(!decrypted_data || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
||||||
|
|
||||||
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static uint32_t e3_foo1(param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
if(!p_struct_var)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var->var1++;
|
|
||||||
p_struct_var->var2++;
|
|
||||||
|
|
||||||
return(p_struct_var->var1 * p_struct_var->var2);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Function which is executed on request from the source enclave
|
|
||||||
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
||||||
size_t param_lenth,
|
|
||||||
char** resp_buffer,
|
|
||||||
size_t* resp_length)
|
|
||||||
{
|
|
||||||
UNUSED(param_lenth);
|
|
||||||
|
|
||||||
uint32_t ret;
|
|
||||||
param_struct_t *p_struct_var;
|
|
||||||
if(!ms || !resp_length)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t));
|
|
||||||
if(!p_struct_var)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = e3_foo1(p_struct_var);
|
|
||||||
|
|
||||||
if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
SAFE_FREE(p_struct_var);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
|
|
||||||
from "sgx_tstdc.edl" import *;
|
|
||||||
trusted{
|
|
||||||
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -1,10 +0,0 @@
|
||||||
Enclave3.so
|
|
||||||
{
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
g_peak_heap_used;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
|
@ -1,39 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
|
|
||||||
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
|
|
||||||
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
|
|
||||||
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
|
|
||||||
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
|
|
||||||
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
|
|
||||||
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
|
|
||||||
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
|
|
||||||
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
|
|
||||||
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
|
|
||||||
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
|
|
||||||
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
|
|
||||||
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
|
|
||||||
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
|
|
||||||
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
|
|
||||||
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
|
|
||||||
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
|
|
||||||
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
|
|
||||||
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
|
|
||||||
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
|
|
||||||
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
|
|
||||||
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
|
|
||||||
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
|
|
||||||
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
|
|
||||||
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
|
|
||||||
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
|
|
||||||
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
|
|
||||||
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
|
|
||||||
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
|
|
||||||
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
|
|
||||||
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
|
|
||||||
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
|
|
||||||
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
|
|
||||||
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
|
|
||||||
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
|
|
||||||
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
|
|
||||||
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1,223 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "Utility_E3.h"
|
|
||||||
#include "stdlib.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
int* addr;
|
|
||||||
char* struct_data;
|
|
||||||
if(!p_struct_var || !marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
struct_data = (char*)p_struct_var;
|
|
||||||
temp_buff = (char*)malloc(len_data + len_ptr_data);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, struct_data, len_data);
|
|
||||||
addr = *(int **)(struct_data + len_data);
|
|
||||||
memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized
|
|
||||||
param_len = len_data + len_ptr_data;
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)param_len;
|
|
||||||
memcpy(&ms->inparam_buff, temp_buff, param_len);
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t ret_param_len, ms_len;
|
|
||||||
char *temp_buff;
|
|
||||||
size_t retval_len;
|
|
||||||
if(!resp_length || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
retval_len = sizeof(retval);
|
|
||||||
ret_param_len = sizeof(retval) + sizeof(param_struct_t);
|
|
||||||
temp_buff = (char*)malloc(ret_param_len);
|
|
||||||
if(!temp_buff)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
memcpy(temp_buff, &retval, sizeof(retval));
|
|
||||||
memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t));
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
{
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
SAFE_FREE(temp_buff);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!pstruct || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2)))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
|
|
||||||
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff || !p_struct_var)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*retval = (char*)malloc(retval_len);
|
|
||||||
if(!*retval)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*retval, ms->ret_outparam_buff, retval_len);
|
|
||||||
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
|
|
||||||
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1));
|
|
||||||
memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2));
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
|
|
||||||
{
|
|
||||||
ms_in_msg_exchange_t *ms;
|
|
||||||
size_t secret_data_len, ms_len;
|
|
||||||
if(!marshalled_buff_len)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_data_len = sizeof(secret_data);
|
|
||||||
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
|
|
||||||
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
|
|
||||||
ms->msg_type = msg_type;
|
|
||||||
ms->target_fn_id = target_fn_id;
|
|
||||||
ms->inparam_buff_len = (uint32_t)secret_data_len;
|
|
||||||
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
|
|
||||||
|
|
||||||
*marshalled_buff = (char*)ms;
|
|
||||||
*marshalled_buff_len = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
|
|
||||||
{
|
|
||||||
char* buff;
|
|
||||||
size_t len;
|
|
||||||
if(!inp_secret_data || !ms)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
buff = ms->inparam_buff;
|
|
||||||
len = ms->inparam_buff_len;
|
|
||||||
|
|
||||||
if(len != sizeof(uint32_t))
|
|
||||||
return ATTESTATION_ERROR;
|
|
||||||
|
|
||||||
memcpy(inp_secret_data, buff, sizeof(uint32_t));
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
|
|
||||||
{
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
size_t secret_response_len, ms_len;
|
|
||||||
size_t retval_len, ret_param_len;
|
|
||||||
if(!resp_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
secret_response_len = sizeof(secret_response);
|
|
||||||
retval_len = secret_response_len;
|
|
||||||
ret_param_len = secret_response_len;
|
|
||||||
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
|
|
||||||
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
|
|
||||||
if(!ms)
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
ms->retval_len = (uint32_t)retval_len;
|
|
||||||
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
|
|
||||||
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
|
|
||||||
*resp_buffer = (char*)ms;
|
|
||||||
*resp_length = ms_len;
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
|
|
||||||
{
|
|
||||||
size_t retval_len;
|
|
||||||
ms_out_msg_exchange_t *ms;
|
|
||||||
if(!out_buff)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
ms = (ms_out_msg_exchange_t *)out_buff;
|
|
||||||
retval_len = ms->retval_len;
|
|
||||||
*secret_response = (char*)malloc(retval_len);
|
|
||||||
if(!*secret_response)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,73 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef UTILITY_E3_H__
|
|
||||||
#define UTILITY_E3_H__
|
|
||||||
|
|
||||||
#include "stdint.h"
|
|
||||||
|
|
||||||
|
|
||||||
typedef struct _internal_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t ivar1;
|
|
||||||
uint32_t ivar2;
|
|
||||||
}internal_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _external_param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
internal_param_struct_t *p_internal_struct;
|
|
||||||
}external_param_struct_t;
|
|
||||||
|
|
||||||
typedef struct _param_struct_t
|
|
||||||
{
|
|
||||||
uint32_t var1;
|
|
||||||
uint32_t var2;
|
|
||||||
}param_struct_t;
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval);
|
|
||||||
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var);
|
|
||||||
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
|
|
||||||
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
|
|
||||||
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
|
|
||||||
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
#endif
|
|
|
@ -1,68 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef _DH_SESSION_PROROCOL_H
|
|
||||||
#define _DH_SESSION_PROROCOL_H
|
|
||||||
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_key.h"
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_attributes.h"
|
|
||||||
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
|
|
||||||
#define MSG_BUF_LEN sizeof(ec_pub_t)*2
|
|
||||||
#define MSG_HASH_SZ 32
|
|
||||||
|
|
||||||
|
|
||||||
//Session information structure
|
|
||||||
typedef struct _la_dh_session_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Identifies the current session
|
|
||||||
uint32_t status; //Indicates session is in progress, active or closed
|
|
||||||
union
|
|
||||||
{
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_dh_session_t dh_session;
|
|
||||||
}in_progress;
|
|
||||||
|
|
||||||
struct
|
|
||||||
{
|
|
||||||
sgx_key_128bit_t AEK; //Session Key
|
|
||||||
uint32_t counter; //Used to store Message Sequence Number
|
|
||||||
}active;
|
|
||||||
};
|
|
||||||
} dh_session_t;
|
|
||||||
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,760 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include "sgx_utils.h"
|
|
||||||
#include "EnclaveMessageExchange.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_thread.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tcrypto.h"
|
|
||||||
#include "LocalAttestationCode_t.h"
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
|
|
||||||
uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#define MAX_SESSION_COUNT 16
|
|
||||||
|
|
||||||
//number of open sessions
|
|
||||||
uint32_t g_session_count = 0;
|
|
||||||
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
//Array of open session ids
|
|
||||||
session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
|
|
||||||
|
|
||||||
//Map between the source enclave id and the session information associated with that particular session
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
|
|
||||||
|
|
||||||
//Create a session with the destination enclave
|
|
||||||
ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info)
|
|
||||||
{
|
|
||||||
ocall_print_string("[ECALL] create_session()\n");
|
|
||||||
sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
|
|
||||||
sgx_key_128bit_t dh_aek; // Session Key
|
|
||||||
sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
|
|
||||||
sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
|
|
||||||
uint32_t session_id;
|
|
||||||
uint32_t retstatus;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t responder_identity;
|
|
||||||
// for exchange report
|
|
||||||
// ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
sgx_dh_session_enclave_identity_t initiator_identity;
|
|
||||||
|
|
||||||
if(!session_info)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
|
|
||||||
memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
|
|
||||||
memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
|
|
||||||
memset(session_info, 0, sizeof(dh_session_t));
|
|
||||||
|
|
||||||
//Intialize the session as a session responder
|
|
||||||
ocall_print_string("[ECALL] Initializing the session as session responder...\n");
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//get a new SessionID
|
|
||||||
ocall_print_string("[ECALL] Getting a new SessionID\n");
|
|
||||||
if ((status = (sgx_status_t)generate_session_id(&session_id)) != SUCCESS)
|
|
||||||
return status; //no more sessions available
|
|
||||||
|
|
||||||
//Allocate memory for the session id tracker
|
|
||||||
g_session_id_tracker[session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
|
|
||||||
if(!g_session_id_tracker[session_id])
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(g_session_id_tracker[session_id], 0, sizeof(session_id_tracker_t));
|
|
||||||
g_session_id_tracker[session_id]->session_id = session_id;
|
|
||||||
session_info->status = IN_PROGRESS;
|
|
||||||
|
|
||||||
//Generate Message1 that will be returned to Source Enclave
|
|
||||||
ocall_print_string("[ECALL] Generating message1 that will be passed to session initiator\n");
|
|
||||||
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)&dh_msg1, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(g_session_id_tracker[session_id]);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(&session_info->in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
//Store the session information under the correspoding source enlave id key
|
|
||||||
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(0, *session_info));
|
|
||||||
|
|
||||||
// pass session id and msg1 to shared memory
|
|
||||||
// ocall_print_string("Entering session_request_ocall for IPC\n");
|
|
||||||
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
// starts report exchange
|
|
||||||
|
|
||||||
//first retrieve msg2 from initiator
|
|
||||||
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, NULL, session_id);
|
|
||||||
|
|
||||||
dh_msg3.msg3_body.additional_prop_length = 0;
|
|
||||||
//Process message 2 from source enclave and obtain message 3
|
|
||||||
ocall_print_string("[ECALL] Processing message2 from Enclave1(Initiator) and obtain message3\n");
|
|
||||||
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(&dh_msg2,
|
|
||||||
&dh_msg3,
|
|
||||||
&sgx_dh_session,
|
|
||||||
&dh_aek,
|
|
||||||
&initiator_identity);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != se_ret)
|
|
||||||
{
|
|
||||||
status = se_ret;
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify source enclave's trust
|
|
||||||
ocall_print_string("[ECALL] Verifying Enclave1(Initiator)'s trust\n");
|
|
||||||
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
|
|
||||||
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Handle the request from Source Enclave for a session
|
|
||||||
ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg1_t *dh_msg1,
|
|
||||||
uint32_t *session_id )
|
|
||||||
{
|
|
||||||
ocall_print_string("Testing session_request()\n");
|
|
||||||
dh_session_t session_info;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_status_t status = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id || !dh_msg1)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Intialize the session as a session responder
|
|
||||||
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//get a new SessionID
|
|
||||||
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
|
|
||||||
return status; //no more sessions available
|
|
||||||
|
|
||||||
//Allocate memory for the session id tracker
|
|
||||||
g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
|
|
||||||
if(!g_session_id_tracker[*session_id])
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
|
|
||||||
g_session_id_tracker[*session_id]->session_id = *session_id;
|
|
||||||
session_info.status = IN_PROGRESS;
|
|
||||||
|
|
||||||
//Generate Message1 that will be returned to Source Enclave
|
|
||||||
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(g_session_id_tracker[*session_id]);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
//Store the session information under the correspoding source enlave id key
|
|
||||||
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
|
|
||||||
ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_dh_msg2_t *dh_msg2,
|
|
||||||
sgx_dh_msg3_t *dh_msg3,
|
|
||||||
uint32_t session_id)
|
|
||||||
{
|
|
||||||
|
|
||||||
sgx_key_128bit_t dh_aek; // Session key
|
|
||||||
dh_session_t *session_info;
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
sgx_dh_session_t sgx_dh_session;
|
|
||||||
sgx_dh_session_enclave_identity_t initiator_identity;
|
|
||||||
|
|
||||||
if(!dh_msg2 || !dh_msg3)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
do
|
|
||||||
{
|
|
||||||
//Retreive the session information for the corresponding source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != IN_PROGRESS)
|
|
||||||
{
|
|
||||||
status = INVALID_SESSION;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
|
|
||||||
|
|
||||||
dh_msg3->msg3_body.additional_prop_length = 0;
|
|
||||||
//Process message 2 from source enclave and obtain message 3
|
|
||||||
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
|
|
||||||
dh_msg3,
|
|
||||||
&sgx_dh_session,
|
|
||||||
&dh_aek,
|
|
||||||
&initiator_identity);
|
|
||||||
if(SGX_SUCCESS != se_ret)
|
|
||||||
{
|
|
||||||
status = se_ret;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Verify source enclave's trust
|
|
||||||
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//save the session ID, status and initialize the session nonce
|
|
||||||
session_info->session_id = session_id;
|
|
||||||
session_info->status = ACTIVE;
|
|
||||||
session_info->active.counter = 0;
|
|
||||||
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
|
|
||||||
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
||||||
g_session_count++;
|
|
||||||
}while(0);
|
|
||||||
|
|
||||||
if(status != SUCCESS)
|
|
||||||
{
|
|
||||||
end_session(src_enclave_id);
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Request for the response size, send the request message to the destination enclave and receive the response message back
|
|
||||||
ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id,
|
|
||||||
dh_session_t *session_info,
|
|
||||||
char *inp_buff,
|
|
||||||
size_t inp_buff_len,
|
|
||||||
size_t max_out_buff_size,
|
|
||||||
char **out_buff,
|
|
||||||
size_t* out_buff_len)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
sgx_status_t status;
|
|
||||||
uint32_t retstatus;
|
|
||||||
secure_message_t* req_message;
|
|
||||||
secure_message_t* resp_message;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t max_resp_message_length;
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!session_info || !inp_buff)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
|
|
||||||
if(session_info->active.counter == ((uint32_t) - 2))
|
|
||||||
{
|
|
||||||
close_session(src_enclave_id, dest_enclave_id);
|
|
||||||
create_session(src_enclave_id, dest_enclave_id, session_info);
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the AES-GCM request message
|
|
||||||
req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
if(!req_message)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
|
|
||||||
//Set the payload size to data to encrypt length
|
|
||||||
req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Use the session nonce as the payload IV
|
|
||||||
memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Set the session ID of the message to the current session id
|
|
||||||
req_message->session_id = session_info->session_id;
|
|
||||||
|
|
||||||
//Prepare the request message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(req_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Allocate memory for the response payload to be copied
|
|
||||||
*out_buff = (char*)malloc(max_out_buff_size);
|
|
||||||
if(!*out_buff)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(*out_buff, 0, max_out_buff_size);
|
|
||||||
|
|
||||||
//Allocate memory for the response message
|
|
||||||
resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
if(!resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
|
|
||||||
|
|
||||||
//Ocall to send the request to the Destination Enclave and get the response message back
|
|
||||||
status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
|
|
||||||
(sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
|
|
||||||
resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
|
|
||||||
|
|
||||||
if(sizeof(resp_message) > max_resp_message_length)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to process the response message from the Destination Enclave
|
|
||||||
|
|
||||||
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the response message payload
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&resp_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
|
|
||||||
if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
|
|
||||||
{
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Update the value of the session nonce in the source enclave
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
|
|
||||||
memcpy(*out_buff, decrypted_data, decrypted_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(req_message);
|
|
||||||
SAFE_FREE(resp_message);
|
|
||||||
return SUCCESS;
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Process the request from the Source enclave and send the response message back to the Source enclave
|
|
||||||
ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
|
|
||||||
secure_message_t* req_message,
|
|
||||||
size_t req_message_size,
|
|
||||||
size_t max_payload_size,
|
|
||||||
secure_message_t* resp_message,
|
|
||||||
size_t resp_message_size)
|
|
||||||
{
|
|
||||||
const uint8_t* plaintext;
|
|
||||||
uint32_t plaintext_length;
|
|
||||||
uint8_t *decrypted_data;
|
|
||||||
uint32_t decrypted_data_length;
|
|
||||||
uint32_t plain_text_offset;
|
|
||||||
ms_in_msg_exchange_t * ms;
|
|
||||||
size_t resp_data_length;
|
|
||||||
size_t resp_message_calc_size;
|
|
||||||
char* resp_data;
|
|
||||||
uint8_t l_tag[TAG_SIZE];
|
|
||||||
size_t header_size, expected_payload_size;
|
|
||||||
dh_session_t *session_info;
|
|
||||||
secure_message_t* temp_resp_message;
|
|
||||||
uint32_t ret;
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
plaintext = (const uint8_t*)(" ");
|
|
||||||
plaintext_length = 0;
|
|
||||||
|
|
||||||
if(!req_message || !resp_message)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = &it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(session_info->status != ACTIVE)
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Set the decrypted data length to the payload size obtained from the message
|
|
||||||
decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
|
|
||||||
|
|
||||||
header_size = sizeof(secure_message_t);
|
|
||||||
expected_payload_size = req_message_size - header_size;
|
|
||||||
|
|
||||||
//Verify the size of the payload
|
|
||||||
if(expected_payload_size != decrypted_data_length)
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
|
|
||||||
memset(&l_tag, 0, 16);
|
|
||||||
plain_text_offset = decrypted_data_length;
|
|
||||||
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
|
|
||||||
if(!decrypted_data)
|
|
||||||
{
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(decrypted_data, 0, decrypted_data_length);
|
|
||||||
|
|
||||||
//Decrypt the request message payload from source enclave
|
|
||||||
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
|
|
||||||
decrypted_data_length, decrypted_data,
|
|
||||||
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
|
|
||||||
&req_message->message_aes_gcm_data.payload_tag);
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
|
|
||||||
ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
||||||
|
|
||||||
|
|
||||||
// Verify if the nonce obtained in the request is equal to the session nonce
|
|
||||||
if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(ms->msg_type == MESSAGE_EXCHANGE)
|
|
||||||
{
|
|
||||||
//Call the generic secret response generator for message exchange
|
|
||||||
ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
|
|
||||||
{
|
|
||||||
//Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
|
|
||||||
ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
|
|
||||||
if(ret !=0)
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return INVALID_REQUEST_TYPE_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if(resp_data_length > max_payload_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
|
|
||||||
|
|
||||||
if(resp_message_calc_size > resp_message_size)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return OUT_BUFFER_LENGTH_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Code to build the response back to the Source Enclave
|
|
||||||
temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
|
|
||||||
if(!temp_resp_message)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
return MALLOC_ERROR;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
|
|
||||||
temp_resp_message->session_id = session_info->session_id;
|
|
||||||
temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
|
|
||||||
|
|
||||||
//Increment the Session Nonce (Replay Protection)
|
|
||||||
session_info->active.counter = session_info->active.counter + 1;
|
|
||||||
|
|
||||||
//Set the response nonce as the session nonce
|
|
||||||
memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
|
|
||||||
|
|
||||||
//Prepare the response message with the encrypted payload
|
|
||||||
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
|
|
||||||
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
|
|
||||||
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
|
|
||||||
&(temp_resp_message->message_aes_gcm_data.payload_tag));
|
|
||||||
|
|
||||||
if(SGX_SUCCESS != status)
|
|
||||||
{
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
|
|
||||||
|
|
||||||
SAFE_FREE(decrypted_data);
|
|
||||||
SAFE_FREE(resp_data);
|
|
||||||
SAFE_FREE(temp_resp_message);
|
|
||||||
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Close a current session
|
|
||||||
ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
|
|
||||||
sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
sgx_status_t status;
|
|
||||||
|
|
||||||
uint32_t retstatus;
|
|
||||||
|
|
||||||
//Ocall to ask the destination enclave to end the session
|
|
||||||
status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
|
|
||||||
if (status == SGX_SUCCESS)
|
|
||||||
{
|
|
||||||
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
|
|
||||||
return ((ATTESTATION_STATUS)retstatus);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return ATTESTATION_SE_ERROR;
|
|
||||||
}
|
|
||||||
return SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
//Respond to the request from the Source Enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
int i;
|
|
||||||
dh_session_t session_info;
|
|
||||||
uint32_t session_id;
|
|
||||||
|
|
||||||
//Get the session information from the map corresponding to the source enclave id
|
|
||||||
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
|
|
||||||
if(it != g_dest_session_info_map.end())
|
|
||||||
{
|
|
||||||
session_info = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
session_id = session_info.session_id;
|
|
||||||
//Erase the session information for the current session
|
|
||||||
g_dest_session_info_map.erase(src_enclave_id);
|
|
||||||
|
|
||||||
//Update the session id tracker
|
|
||||||
if (g_session_count > 0)
|
|
||||||
{
|
|
||||||
//check if session exists
|
|
||||||
for (i=1; i <= MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
|
|
||||||
{
|
|
||||||
memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
|
|
||||||
SAFE_FREE(g_session_id_tracker[i-1]);
|
|
||||||
g_session_count--;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
//Returns a new sessionID for the source destination session
|
|
||||||
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
|
|
||||||
{
|
|
||||||
ATTESTATION_STATUS status = SUCCESS;
|
|
||||||
|
|
||||||
if(!session_id)
|
|
||||||
{
|
|
||||||
return INVALID_PARAMETER_ERROR;
|
|
||||||
}
|
|
||||||
//if the session structure is untintialized, set that as the next session ID
|
|
||||||
for (int i = 0; i < MAX_SESSION_COUNT; i++)
|
|
||||||
{
|
|
||||||
if (g_session_id_tracker[i] == NULL)
|
|
||||||
{
|
|
||||||
*session_id = i;
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
status = NO_AVAILABLE_SESSION_ERROR;
|
|
||||||
|
|
||||||
return status;
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,54 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_trts.h"
|
|
||||||
#include <map>
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
|
|
||||||
#ifndef LOCALATTESTATION_H_
|
|
||||||
#define LOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
|
|
||||||
uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
|
|
||||||
uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,50 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
enclave {
|
|
||||||
include "sgx_eid.h"
|
|
||||||
include "datatypes.h"
|
|
||||||
include "../Include/dh_session_protocol.h"
|
|
||||||
trusted{
|
|
||||||
public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
|
|
||||||
public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
|
|
||||||
public uint32_t end_session(sgx_enclave_id_t src_enclave_id);
|
|
||||||
};
|
|
||||||
|
|
||||||
untrusted{
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg1_t *dh_msg1,[in, out] uint32_t *session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg2_t *dh_msg2, [in, out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string([in, string] const char *str);
|
|
||||||
};
|
|
||||||
};
|
|
|
@ -1,105 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "sgx_report.h"
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "sgx_ecp_types.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include "sgx_tseal.h"
|
|
||||||
|
|
||||||
#ifndef DATATYPES_H_
|
|
||||||
#define DATATYPES_H_
|
|
||||||
|
|
||||||
#define DH_KEY_SIZE 20
|
|
||||||
#define NONCE_SIZE 16
|
|
||||||
#define MAC_SIZE 16
|
|
||||||
#define MAC_KEY_SIZE 16
|
|
||||||
#define PADDING_SIZE 16
|
|
||||||
|
|
||||||
#define TAG_SIZE 16
|
|
||||||
#define IV_SIZE 12
|
|
||||||
|
|
||||||
#define DERIVE_MAC_KEY 0x0
|
|
||||||
#define DERIVE_SESSION_KEY 0x1
|
|
||||||
#define DERIVE_VK1_KEY 0x3
|
|
||||||
#define DERIVE_VK2_KEY 0x4
|
|
||||||
|
|
||||||
#define CLOSED 0x0
|
|
||||||
#define IN_PROGRESS 0x1
|
|
||||||
#define ACTIVE 0x2
|
|
||||||
|
|
||||||
#define MESSAGE_EXCHANGE 0x0
|
|
||||||
#define ENCLAVE_TO_ENCLAVE_CALL 0x1
|
|
||||||
|
|
||||||
#define INVALID_ARGUMENT -2 ///< Invalid function argument
|
|
||||||
#define LOGIC_ERROR -3 ///< Functional logic error
|
|
||||||
#define FILE_NOT_FOUND -4 ///< File not found
|
|
||||||
|
|
||||||
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
|
|
||||||
|
|
||||||
#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB
|
|
||||||
|
|
||||||
typedef uint8_t dh_nonce[NONCE_SIZE];
|
|
||||||
typedef uint8_t cmac_128[MAC_SIZE];
|
|
||||||
|
|
||||||
#pragma pack(push, 1)
|
|
||||||
|
|
||||||
//Format of the AES-GCM message being exchanged between the source and the destination enclaves
|
|
||||||
typedef struct _secure_message_t
|
|
||||||
{
|
|
||||||
uint32_t session_id; //Session ID identifyting the session to which the message belongs
|
|
||||||
sgx_aes_gcm_data_t message_aes_gcm_data;
|
|
||||||
}secure_message_t;
|
|
||||||
|
|
||||||
//Format of the input function parameter structure
|
|
||||||
typedef struct _ms_in_msg_exchange_t {
|
|
||||||
uint32_t msg_type; //Type of Call E2E or general message exchange
|
|
||||||
uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
|
|
||||||
uint32_t inparam_buff_len; //Length of the serialized input parameters
|
|
||||||
char inparam_buff[]; //Serialized input parameters
|
|
||||||
} ms_in_msg_exchange_t;
|
|
||||||
|
|
||||||
//Format of the return value and output function parameter structure
|
|
||||||
typedef struct _ms_out_msg_exchange_t {
|
|
||||||
uint32_t retval_len; //Length of the return value
|
|
||||||
uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
|
|
||||||
char ret_outparam_buff[]; //Serialized return value and output parameters
|
|
||||||
} ms_out_msg_exchange_t;
|
|
||||||
|
|
||||||
//Session Tracker to generate session ids
|
|
||||||
typedef struct _session_id_tracker_t
|
|
||||||
{
|
|
||||||
uint32_t session_id;
|
|
||||||
}session_id_tracker_t;
|
|
||||||
|
|
||||||
#pragma pack(pop)
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,53 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef ERROR_CODES_H_
|
|
||||||
#define ERROR_CODES_H_
|
|
||||||
|
|
||||||
typedef uint32_t ATTESTATION_STATUS;
|
|
||||||
|
|
||||||
#define SUCCESS 0x00
|
|
||||||
#define INVALID_PARAMETER 0xE1
|
|
||||||
#define VALID_SESSION 0xE2
|
|
||||||
#define INVALID_SESSION 0xE3
|
|
||||||
#define ATTESTATION_ERROR 0xE4
|
|
||||||
#define ATTESTATION_SE_ERROR 0xE5
|
|
||||||
#define IPP_ERROR 0xE6
|
|
||||||
#define NO_AVAILABLE_SESSION_ERROR 0xE7
|
|
||||||
#define MALLOC_ERROR 0xE8
|
|
||||||
#define ERROR_TAG_MISMATCH 0xE9
|
|
||||||
#define OUT_BUFFER_LENGTH_ERROR 0xEA
|
|
||||||
#define INVALID_REQUEST_TYPE_ERROR 0xEB
|
|
||||||
#define INVALID_PARAMETER_ERROR 0xEC
|
|
||||||
#define ENCLAVE_TRUST_ERROR 0xED
|
|
||||||
#define ENCRYPT_DECRYPT_ERROR 0xEE
|
|
||||||
#define DUPLICATE_SESSION 0xEF
|
|
||||||
#endif
|
|
|
@ -1,346 +0,0 @@
|
||||||
#
|
|
||||||
# Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
#
|
|
||||||
# Redistribution and use in source and binary forms, with or without
|
|
||||||
# modification, are permitted provided that the following conditions
|
|
||||||
# are met:
|
|
||||||
#
|
|
||||||
# * Redistributions of source code must retain the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer.
|
|
||||||
# * Redistributions in binary form must reproduce the above copyright
|
|
||||||
# notice, this list of conditions and the following disclaimer in
|
|
||||||
# the documentation and/or other materials provided with the
|
|
||||||
# distribution.
|
|
||||||
# * Neither the name of Intel Corporation nor the names of its
|
|
||||||
# contributors may be used to endorse or promote products derived
|
|
||||||
# from this software without specific prior written permission.
|
|
||||||
#
|
|
||||||
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
######## SGX SDK Settings ########
|
|
||||||
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= HW
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
SGX_DEBUG ?= 1
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## Library Settings ########
|
|
||||||
|
|
||||||
Trust_Lib_Name := libLocalAttestation_Trusted.a
|
|
||||||
TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
|
|
||||||
TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
|
|
||||||
TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths)
|
|
||||||
TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++
|
|
||||||
|
|
||||||
UnTrustLib_Name := libLocalAttestation_unTrusted.a
|
|
||||||
UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
|
|
||||||
UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
|
|
||||||
UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Files := $(wildcard App/*.cpp)
|
|
||||||
App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
|
|
||||||
|
|
||||||
App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
App_Name := app
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
|
|
||||||
Enclave1_Version_Script := Enclave1/Enclave1.lds
|
|
||||||
Enclave2_Version_Script := Enclave2/Enclave2.lds
|
|
||||||
Enclave3_Version_Script := Enclave3/Enclave3.lds
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp)
|
|
||||||
Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp)
|
|
||||||
Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp)
|
|
||||||
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
|
|
||||||
|
|
||||||
CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
|
|
||||||
ifeq ($(CC_BELOW_4_9), 1)
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
|
|
||||||
else
|
|
||||||
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
|
|
||||||
endif
|
|
||||||
|
|
||||||
Enclave_Compile_Flags += $(Enclave_Include_Paths)
|
|
||||||
|
|
||||||
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
|
|
||||||
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
|
|
||||||
# so that the whole content of trts is included in the enclave.
|
|
||||||
# 2. For other libraries, you just need to pull the required symbols.
|
|
||||||
# Use `--start-group' and `--end-group' to link these libraries.
|
|
||||||
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
|
|
||||||
# Otherwise, you may get some undesirable errors.
|
|
||||||
Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
|
|
||||||
Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script)
|
|
||||||
Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script)
|
|
||||||
Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script)
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
|
|
||||||
Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name_1 := libenclave1.so
|
|
||||||
Enclave_Name_2 := libenclave2.so
|
|
||||||
Enclave_Name_3 := libenclave3.so
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = HW_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
else
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
Build_Mode = SIM_DEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = SIM_PRERELEASE
|
|
||||||
else
|
|
||||||
Build_Mode = SIM_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclaves use the following commands:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
|
|
||||||
@echo "You can also sign the enclaves using an external signing tool."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
|
|
||||||
ifeq ($(Build_Mode), HW_DEBUG)
|
|
||||||
@echo "The project has been built in debug hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_DEBUG)
|
|
||||||
@echo "The project has been built in debug simulation mode."
|
|
||||||
else ifeq ($(Build_Mode), HW_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release hardware mode."
|
|
||||||
else ifeq ($(Build_Mode), SIM_PRERELEASE)
|
|
||||||
@echo "The project has been built in pre-release simulation mode."
|
|
||||||
else
|
|
||||||
@echo "The project has been built in release simulation mode."
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
.config_$(Build_Mode)_$(SGX_ARCH):
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
||||||
@touch .config_$(Build_Mode)_$(SGX_ARCH)
|
|
||||||
|
|
||||||
######## Library Objects ########
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
|
|
||||||
@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
|
|
||||||
@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
|
|
||||||
@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
|
|
||||||
@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
|
|
||||||
@$(AR) rcs $@ $^
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave1_u.o: Enclave1/Enclave1_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave2_u.o: Enclave2/Enclave2_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
App/Enclave3_u.o: Enclave3/Enclave3_u.c
|
|
||||||
@$(CC) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h
|
|
||||||
@$(CXX) $(App_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
|
|
||||||
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_1): Enclave1.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl
|
|
||||||
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave2/%.o: Enclave2/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_2): Enclave2.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl
|
|
||||||
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c
|
|
||||||
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
Enclave3/%.o: Enclave3/%.cpp
|
|
||||||
@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
|
|
||||||
@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Enclave_Name_3): Enclave3.so
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
######## Clean ########
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*
|
|
|
@ -1,29 +0,0 @@
|
||||||
---------------------------
|
|
||||||
Purpose of LocalAttestation
|
|
||||||
---------------------------
|
|
||||||
The project demonstrates:
|
|
||||||
- How to establish a protected channel
|
|
||||||
- Secret message exchange using enclave to enclave function calls
|
|
||||||
|
|
||||||
------------------------------------
|
|
||||||
How to Build/Execute the Sample Code
|
|
||||||
------------------------------------
|
|
||||||
1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS
|
|
||||||
2. Make sure your environment is set:
|
|
||||||
$ source ${sgx-sdk-install-path}/environment
|
|
||||||
3. Build the project with the prepared Makefile:
|
|
||||||
a. Hardware Mode, Debug build:
|
|
||||||
$ make
|
|
||||||
b. Hardware Mode, Pre-release build:
|
|
||||||
$ make SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
c. Hardware Mode, Release build:
|
|
||||||
$ make SGX_DEBUG=0
|
|
||||||
d. Simulation Mode, Debug build:
|
|
||||||
$ make SGX_MODE=SIM
|
|
||||||
e. Simulation Mode, Pre-release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0
|
|
||||||
f. Simulation Mode, Release build:
|
|
||||||
$ make SGX_MODE=SIM SGX_DEBUG=0
|
|
||||||
4. Execute the binary directly:
|
|
||||||
$ ./app
|
|
||||||
5. Remember to "make clean" before switching build mode
|
|
|
@ -1,200 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "UntrustedEnclaveMessageExchange.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <map>
|
|
||||||
#include <sys/ipc.h>
|
|
||||||
#include <sys/shm.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
|
|
||||||
extern sgx_enclave_id_t e1_enclave_id;
|
|
||||||
|
|
||||||
//Makes an sgx_ecall to the destination enclave to get session id and message1
|
|
||||||
ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
// printf("[OCALL IPC] Generating msg1 and session_id for Enclave1\n");
|
|
||||||
// for session_id
|
|
||||||
printf("[OCALL IPC] Passing SessionID to shared memory for Enclave1\n");
|
|
||||||
key_t key_session_id = ftok("../..", 3);
|
|
||||||
int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT);
|
|
||||||
uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0);
|
|
||||||
memcpy(tmp_session_id, session_id, sizeof(uint32_t));
|
|
||||||
|
|
||||||
// for msg1
|
|
||||||
printf("[OCALL IPC] Passing message1 to shared memory for Enclave1\n");
|
|
||||||
key_t key_msg1 = ftok("../..", 2);
|
|
||||||
int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg1_t* tmp_msg1 = (sgx_dh_msg1_t *)shmat(shmid_msg1, (void*)0, 0);
|
|
||||||
memcpy(tmp_msg1, dh_msg1, sizeof(sgx_dh_msg1_t));
|
|
||||||
|
|
||||||
shmdt(tmp_msg1);
|
|
||||||
shmdt(tmp_session_id);
|
|
||||||
|
|
||||||
// let enclave1 to receive msg1
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave1 to process SessionID and message1...\n");
|
|
||||||
sleep(5);
|
|
||||||
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave
|
|
||||||
ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
|
|
||||||
if (dh_msg3 == NULL)
|
|
||||||
{
|
|
||||||
// get msg2 from Enclave1
|
|
||||||
printf("[OCALL IPC] Message2 should be ready\n");
|
|
||||||
printf("[OCALL IPC] Retrieving message2 from shared memory\n");
|
|
||||||
key_t key_msg2 = ftok("../..", 4);
|
|
||||||
int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg2_t* tmp_msg2 = (sgx_dh_msg2_t *)shmat(shmid_msg2, (void*)0, 0);
|
|
||||||
memcpy(dh_msg2, tmp_msg2, sizeof(sgx_dh_msg2_t));
|
|
||||||
shmdt(tmp_msg2);
|
|
||||||
}
|
|
||||||
|
|
||||||
// ret = Enclave1_exchange_report(src_enclave_id, &status, 0, dh_msg2, dh_msg3, session_id);
|
|
||||||
|
|
||||||
else
|
|
||||||
{
|
|
||||||
// pass msg3 to shm for Enclave
|
|
||||||
printf("[OCALL IPC] Passing message3 to shared memory for Enclave1\n");
|
|
||||||
key_t key_msg3 = ftok("../..", 5);
|
|
||||||
int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT);
|
|
||||||
sgx_dh_msg3_t* tmp_msg3 = (sgx_dh_msg3_t *)shmat(shmid_msg3, (void*)0, 0);
|
|
||||||
memcpy(tmp_msg3, dh_msg3, sizeof(sgx_dh_msg3_t));
|
|
||||||
shmdt(tmp_msg3);
|
|
||||||
|
|
||||||
// wait for Enclave1 to process msg3
|
|
||||||
printf("[OCALL IPC] Waiting for Enclave1 to process message3...\n");
|
|
||||||
sleep(5);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave function that generates the actual response
|
|
||||||
ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
//Make an sgx_ecall to the destination enclave to close the session
|
|
||||||
ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)
|
|
||||||
{
|
|
||||||
uint32_t status = 0;
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
uint32_t temp_enclave_no;
|
|
||||||
|
|
||||||
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
|
|
||||||
if(it != g_enclave_id_map.end())
|
|
||||||
{
|
|
||||||
temp_enclave_no = it->second;
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
return INVALID_SESSION;
|
|
||||||
}
|
|
||||||
|
|
||||||
switch(temp_enclave_no)
|
|
||||||
{
|
|
||||||
case 1:
|
|
||||||
ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 2:
|
|
||||||
ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
case 3:
|
|
||||||
ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if (ret == SGX_SUCCESS)
|
|
||||||
return (ATTESTATION_STATUS)status;
|
|
||||||
else
|
|
||||||
return INVALID_SESSION;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
void ocall_print_string(const char *str)
|
|
||||||
{
|
|
||||||
printf("%s", str);
|
|
||||||
}
|
|
|
@ -1,74 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
|
|
||||||
*
|
|
||||||
* Redistribution and use in source and binary forms, with or without
|
|
||||||
* modification, are permitted provided that the following conditions
|
|
||||||
* are met:
|
|
||||||
*
|
|
||||||
* * Redistributions of source code must retain the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer.
|
|
||||||
* * Redistributions in binary form must reproduce the above copyright
|
|
||||||
* notice, this list of conditions and the following disclaimer in
|
|
||||||
* the documentation and/or other materials provided with the
|
|
||||||
* distribution.
|
|
||||||
* * Neither the name of Intel Corporation nor the names of its
|
|
||||||
* contributors may be used to endorse or promote products derived
|
|
||||||
* from this software without specific prior written permission.
|
|
||||||
*
|
|
||||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
||||||
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
||||||
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
||||||
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
||||||
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
||||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
||||||
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
|
|
||||||
|
|
||||||
#include "sgx_eid.h"
|
|
||||||
#include "error_codes.h"
|
|
||||||
#include "datatypes.h"
|
|
||||||
#include "sgx_urts.h"
|
|
||||||
#include "dh_session_protocol.h"
|
|
||||||
#include "sgx_dh.h"
|
|
||||||
#include <cstddef>
|
|
||||||
|
|
||||||
|
|
||||||
#ifndef ULOCALATTESTATION_H_
|
|
||||||
#define ULOCALATTESTATION_H_
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
extern "C" {
|
|
||||||
#endif
|
|
||||||
|
|
||||||
sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
|
|
||||||
|
|
||||||
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
|
|
||||||
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
|
|
||||||
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
|
|
||||||
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
|
|
||||||
void ocall_print_string(const char *str);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#endif
|
|
|
@ -1,211 +0,0 @@
|
||||||
######## SGX SDK Settings ########
|
|
||||||
SGX_SDK ?= /opt/intel/sgxsdk
|
|
||||||
SGX_MODE ?= SIM
|
|
||||||
SGX_ARCH ?= x64
|
|
||||||
|
|
||||||
ifeq ($(shell getconf LONG_BIT), 32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
|
|
||||||
SGX_ARCH := x86
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_ARCH), x86)
|
|
||||||
SGX_COMMON_CFLAGS := -m32
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS := -m64
|
|
||||||
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
|
|
||||||
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
|
|
||||||
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -O0 -g
|
|
||||||
else
|
|
||||||
SGX_COMMON_CFLAGS += -O2
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifeq ($(SUPPLIED_KEY_DERIVATION), 1)
|
|
||||||
SGX_COMMON_CFLAGS += -DSUPPLIED_KEY_DERIVATION
|
|
||||||
endif
|
|
||||||
|
|
||||||
######## App Settings ########
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Urts_Library_Name := sgx_urts_sim
|
|
||||||
else
|
|
||||||
Urts_Library_Name := sgx_urts
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
App_Cpp_Files := isv_app/isv_app.cpp ../Util/LogBase.cpp ../Networking/NetworkManager.cpp ../Networking/Session.cpp ../Networking/Server.cpp \
|
|
||||||
../Networking/Client.cpp ../Networking/NetworkManagerServer.cpp ../GoogleMessages/Messages.pb.cpp ../Networking/AbstractNetworkOps.cpp \
|
|
||||||
../Util/UtilityFunctions.cpp ../Enclave/Enclave.cpp ../MessageHandler/MessageHandler.cpp ../Util/Base64.cpp
|
|
||||||
|
|
||||||
App_Include_Paths := -I../Util -Iservice_provider -I$(SGX_SDK)/include -Iheaders -I../Networking -Iisv_app -I../GoogleMessages -I/usr/local/include -I../Enclave \
|
|
||||||
-I../MessageHandler
|
|
||||||
|
|
||||||
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
|
|
||||||
|
|
||||||
# Three configuration modes - Debug, prerelease, release
|
|
||||||
# Debug - Macro DEBUG enabled.
|
|
||||||
# Prerelease - Macro NDEBUG and EDEBUG enabled.
|
|
||||||
# Release - Macro NDEBUG enabled.
|
|
||||||
ifeq ($(SGX_DEBUG), 1)
|
|
||||||
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
|
|
||||||
else ifeq ($(SGX_PRERELEASE), 1)
|
|
||||||
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
|
|
||||||
else
|
|
||||||
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Flags := $(App_C_Flags) -std=c++11 -DEnableServer
|
|
||||||
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lsgx_ukey_exchange -lpthread -Wl,-rpath=$(CURDIR)/../sample_libcrypto -Wl,-rpath=$(CURDIR) -llog4cpp -lboost_system -lssl -lcrypto -lboost_thread -lprotobuf -L /usr/local/lib -ljsoncpp
|
|
||||||
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
App_Link_Flags += -lsgx_uae_service_sim
|
|
||||||
else
|
|
||||||
App_Link_Flags += -lsgx_uae_service
|
|
||||||
endif
|
|
||||||
|
|
||||||
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
App_Name := app
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Settings ########
|
|
||||||
ifneq ($(SGX_MODE), HW)
|
|
||||||
Trts_Library_Name := sgx_trts_sim
|
|
||||||
Service_Library_Name := sgx_tservice_sim
|
|
||||||
else
|
|
||||||
Trts_Library_Name := sgx_trts
|
|
||||||
Service_Library_Name := sgx_tservice
|
|
||||||
endif
|
|
||||||
Crypto_Library_Name := sgx_tcrypto
|
|
||||||
|
|
||||||
Enclave_Cpp_Files := isv_enclave/isv_enclave.cpp
|
|
||||||
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/crypto_px/include -I../Enclave/
|
|
||||||
|
|
||||||
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
|
|
||||||
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
|
|
||||||
|
|
||||||
# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries:
|
|
||||||
# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options,
|
|
||||||
# so that the whole content of trts is included in the enclave.
|
|
||||||
# 2. For other libraries, you just need to pull the required symbols.
|
|
||||||
# Use `--start-group' and `--end-group' to link these libraries.
|
|
||||||
# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
|
|
||||||
# Otherwise, you may get some undesirable errors.
|
|
||||||
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
|
|
||||||
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
|
|
||||||
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -lsgx_tkey_exchange -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
|
|
||||||
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
|
|
||||||
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
|
|
||||||
-Wl,--defsym,__ImageBase=0 \
|
|
||||||
-Wl,--version-script=isv_enclave/isv_enclave.lds
|
|
||||||
|
|
||||||
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
|
|
||||||
|
|
||||||
Enclave_Name := isv_enclave.so
|
|
||||||
Signed_Enclave_Name := isv_enclave.signed.so
|
|
||||||
Enclave_Config_File := isv_enclave/isv_enclave.config.xml
|
|
||||||
|
|
||||||
ifeq ($(SGX_MODE), HW)
|
|
||||||
ifneq ($(SGX_DEBUG), 1)
|
|
||||||
ifneq ($(SGX_PRERELEASE), 1)
|
|
||||||
Build_Mode = HW_RELEASE
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
.PHONY: all run
|
|
||||||
|
|
||||||
ifeq ($(Build_Mode), HW_RELEASE)
|
|
||||||
all: $(App_Name) $(Enclave_Name)
|
|
||||||
@echo "The project has been built in release hardware mode."
|
|
||||||
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
|
|
||||||
@echo "To sign the enclave use the command:"
|
|
||||||
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
|
|
||||||
@echo "You can also sign the enclave using an external signing tool."
|
|
||||||
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
|
|
||||||
else
|
|
||||||
all: $(App_Name) $(Signed_Enclave_Name)
|
|
||||||
endif
|
|
||||||
|
|
||||||
run: all
|
|
||||||
ifneq ($(Build_Mode), HW_RELEASE)
|
|
||||||
@$(CURDIR)/$(App_Name)
|
|
||||||
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
|
|
||||||
endif
|
|
||||||
|
|
||||||
|
|
||||||
######## App Objects ########
|
|
||||||
|
|
||||||
isv_app/isv_enclave_u.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
|
|
||||||
@cd isv_app && $(SGX_EDGER8R) --untrusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
isv_app/isv_enclave_u.o: isv_app/isv_enclave_u.c
|
|
||||||
@$(CC) $(App_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
isv_app/%.o: isv_app/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../MessageHandler/%.o: ../MessageHandler/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../Util/%.o: ../Util/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../Networking/%.o: ../Networking/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
../Enclave/%.o: ../Enclave/%.cpp
|
|
||||||
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(App_Name): isv_app/isv_enclave_u.o $(App_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(App_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
|
|
||||||
######## Enclave Objects ########
|
|
||||||
|
|
||||||
isv_enclave/isv_enclave_t.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
|
|
||||||
@cd isv_enclave && $(SGX_EDGER8R) --trusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
|
|
||||||
@echo "GEN => $@"
|
|
||||||
|
|
||||||
isv_enclave/isv_enclave_t.o: isv_enclave/isv_enclave_t.c
|
|
||||||
@$(CC) $(Enclave_C_Flags) -c $< -o $@
|
|
||||||
@echo "CC <= $<"
|
|
||||||
|
|
||||||
isv_enclave/%.o: isv_enclave/%.cpp
|
|
||||||
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
|
|
||||||
@echo "CXX <= $<"
|
|
||||||
|
|
||||||
$(Enclave_Name): isv_enclave/isv_enclave_t.o $(Enclave_Cpp_Objects)
|
|
||||||
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
|
|
||||||
@echo "LINK => $@"
|
|
||||||
|
|
||||||
$(Signed_Enclave_Name): $(Enclave_Name)
|
|
||||||
@$(SGX_ENCLAVE_SIGNER) sign -key isv_enclave/isv_enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
|
|
||||||
@echo "SIGN => $@"
|
|
||||||
|
|
||||||
.PHONY: clean
|
|
||||||
|
|
||||||
clean:
|
|
||||||
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects)
|
|
|
@ -1,40 +0,0 @@
|
||||||
#include <iostream>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
#include "LogBase.h"
|
|
||||||
|
|
||||||
using namespace util;
|
|
||||||
|
|
||||||
#include "MessageHandler.h"
|
|
||||||
|
|
||||||
int Main(int argc, char* argv[]) {
|
|
||||||
LogBase::Inst();
|
|
||||||
|
|
||||||
int ret = 0;
|
|
||||||
|
|
||||||
MessageHandler msg;
|
|
||||||
msg.init();
|
|
||||||
msg.start();
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
int main( int argc, char **argv ) {
|
|
||||||
try {
|
|
||||||
return Main(argc, argv);
|
|
||||||
} catch (std::exception& e) {
|
|
||||||
Log("exception: %s", e.what());
|
|
||||||
} catch (...) {
|
|
||||||
Log("unexpected exception") ;
|
|
||||||
}
|
|
||||||
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
<EnclaveConfiguration>
|
|
||||||
<ProdID>0</ProdID>
|
|
||||||
<ISVSVN>0</ISVSVN>
|
|
||||||
<StackMaxSize>0x40000</StackMaxSize>
|
|
||||||
<HeapMaxSize>0x100000</HeapMaxSize>
|
|
||||||
<TCSNum>1</TCSNum>
|
|
||||||
<TCSPolicy>1</TCSPolicy>
|
|
||||||
<DisableDebug>0</DisableDebug>
|
|
||||||
<MiscSelect>0</MiscSelect>
|
|
||||||
<MiscMask>0xFFFFFFFF</MiscMask>
|
|
||||||
</EnclaveConfiguration>
|
|
|
@ -1,311 +0,0 @@
|
||||||
#include <stdarg.h>
|
|
||||||
#include <stdio.h>
|
|
||||||
|
|
||||||
#include <assert.h>
|
|
||||||
#include "isv_enclave_t.h"
|
|
||||||
#include "sgx_tkey_exchange.h"
|
|
||||||
#include "sgx_tcrypto.h"
|
|
||||||
#include "string.h"
|
|
||||||
|
|
||||||
// This is the public EC key of the SP. The corresponding private EC key is
|
|
||||||
// used by the SP to sign data used in the remote attestation SIGMA protocol
|
|
||||||
// to sign channel binding data in MSG2. A successful verification of the
|
|
||||||
// signature confirms the identity of the SP to the ISV app in remote
|
|
||||||
// attestation secure channel binding. The public EC key should be hardcoded in
|
|
||||||
// the enclave or delivered in a trustworthy manner. The use of a spoofed public
|
|
||||||
// EC key in the remote attestation with secure channel binding session may lead
|
|
||||||
// to a security compromise. Every different SP the enlcave communicates to
|
|
||||||
// must have a unique SP public key. Delivery of the SP public key is
|
|
||||||
// determined by the ISV. The TKE SIGMA protocl expects an Elliptical Curve key
|
|
||||||
// based on NIST P-256
|
|
||||||
static const sgx_ec256_public_t g_sp_pub_key = {
|
|
||||||
{
|
|
||||||
0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
|
|
||||||
0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
|
|
||||||
0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
|
|
||||||
0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38
|
|
||||||
},
|
|
||||||
{
|
|
||||||
0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
|
|
||||||
0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
|
|
||||||
0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
|
|
||||||
0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06
|
|
||||||
}
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef SUPPLIED_KEY_DERIVATION
|
|
||||||
|
|
||||||
#pragma message ("Supplied key derivation function is used.")
|
|
||||||
|
|
||||||
typedef struct _hash_buffer_t {
|
|
||||||
uint8_t counter[4];
|
|
||||||
sgx_ec256_dh_shared_t shared_secret;
|
|
||||||
uint8_t algorithm_id[4];
|
|
||||||
} hash_buffer_t;
|
|
||||||
|
|
||||||
const char ID_U[] = "SGXRAENCLAVE";
|
|
||||||
const char ID_V[] = "SGXRASERVER";
|
|
||||||
|
|
||||||
// Derive two keys from shared key and key id.
|
|
||||||
bool derive_key(
|
|
||||||
const sgx_ec256_dh_shared_t *p_shared_key,
|
|
||||||
uint8_t key_id,
|
|
||||||
sgx_ec_key_128bit_t *first_derived_key,
|
|
||||||
sgx_ec_key_128bit_t *second_derived_key) {
|
|
||||||
sgx_status_t sgx_ret = SGX_SUCCESS;
|
|
||||||
hash_buffer_t hash_buffer;
|
|
||||||
sgx_sha_state_handle_t sha_context;
|
|
||||||
sgx_sha256_hash_t key_material;
|
|
||||||
|
|
||||||
memset(&hash_buffer, 0, sizeof(hash_buffer_t));
|
|
||||||
/* counter in big endian */
|
|
||||||
hash_buffer.counter[3] = key_id;
|
|
||||||
|
|
||||||
/*convert from little endian to big endian */
|
|
||||||
for (size_t i = 0; i < sizeof(sgx_ec256_dh_shared_t); i++) {
|
|
||||||
hash_buffer.shared_secret.s[i] = p_shared_key->s[sizeof(p_shared_key->s)-1 - i];
|
|
||||||
}
|
|
||||||
|
|
||||||
sgx_ret = sgx_sha256_init(&sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_update((uint8_t*)&ID_U, sizeof(ID_U), sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_update((uint8_t*)&ID_V, sizeof(ID_V), sha_context);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_get_hash(sha_context, &key_material);
|
|
||||||
if (sgx_ret != SGX_SUCCESS) {
|
|
||||||
sgx_sha256_close(sha_context);
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
sgx_ret = sgx_sha256_close(sha_context);
|
|
||||||
|
|
||||||
assert(sizeof(sgx_ec_key_128bit_t)* 2 == sizeof(sgx_sha256_hash_t));
|
|
||||||
memcpy(first_derived_key, &key_material, sizeof(sgx_ec_key_128bit_t));
|
|
||||||
memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sgx_ec_key_128bit_t), sizeof(sgx_ec_key_128bit_t));
|
|
||||||
|
|
||||||
// memset here can be optimized away by compiler, so please use memset_s on
|
|
||||||
// windows for production code and similar functions on other OSes.
|
|
||||||
memset(&key_material, 0, sizeof(sgx_sha256_hash_t));
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
//isv defined key derivation function id
|
|
||||||
#define ISV_KDF_ID 2
|
|
||||||
|
|
||||||
typedef enum _derive_key_type_t {
|
|
||||||
DERIVE_KEY_SMK_SK = 0,
|
|
||||||
DERIVE_KEY_MK_VK,
|
|
||||||
} derive_key_type_t;
|
|
||||||
|
|
||||||
sgx_status_t key_derivation(const sgx_ec256_dh_shared_t* shared_key,
|
|
||||||
uint16_t kdf_id,
|
|
||||||
sgx_ec_key_128bit_t* smk_key,
|
|
||||||
sgx_ec_key_128bit_t* sk_key,
|
|
||||||
sgx_ec_key_128bit_t* mk_key,
|
|
||||||
sgx_ec_key_128bit_t* vk_key) {
|
|
||||||
bool derive_ret = false;
|
|
||||||
|
|
||||||
if (NULL == shared_key) {
|
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ISV_KDF_ID != kdf_id) {
|
|
||||||
//fprintf(stderr, "\nError, key derivation id mismatch in [%s].", __FUNCTION__);
|
|
||||||
return SGX_ERROR_KDF_MISMATCH;
|
|
||||||
}
|
|
||||||
|
|
||||||
derive_ret = derive_key(shared_key, DERIVE_KEY_SMK_SK,
|
|
||||||
smk_key, sk_key);
|
|
||||||
if (derive_ret != true) {
|
|
||||||
//fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
|
|
||||||
return SGX_ERROR_UNEXPECTED;
|
|
||||||
}
|
|
||||||
|
|
||||||
derive_ret = derive_key(shared_key, DERIVE_KEY_MK_VK,
|
|
||||||
mk_key, vk_key);
|
|
||||||
if (derive_ret != true) {
|
|
||||||
//fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
|
|
||||||
return SGX_ERROR_UNEXPECTED;
|
|
||||||
}
|
|
||||||
return SGX_SUCCESS;
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
#pragma message ("Default key derivation function is used.")
|
|
||||||
#endif
|
|
||||||
|
|
||||||
// This ecall is a wrapper of sgx_ra_init to create the trusted
|
|
||||||
// KE exchange key context needed for the remote attestation
|
|
||||||
// SIGMA API's. Input pointers aren't checked since the trusted stubs
|
|
||||||
// copy them into EPC memory.
|
|
||||||
//
|
|
||||||
// @param b_pse Indicates whether the ISV app is using the
|
|
||||||
// platform services.
|
|
||||||
// @param p_context Pointer to the location where the returned
|
|
||||||
// key context is to be copied.
|
|
||||||
//
|
|
||||||
// @return Any error return from the create PSE session if b_pse
|
|
||||||
// is true.
|
|
||||||
// @return Any error returned from the trusted key exchange API
|
|
||||||
// for creating a key context.
|
|
||||||
|
|
||||||
sgx_status_t enclave_init_ra(
|
|
||||||
int b_pse,
|
|
||||||
sgx_ra_context_t *p_context) {
|
|
||||||
// isv enclave call to trusted key exchange library.
|
|
||||||
sgx_status_t ret;
|
|
||||||
if(b_pse) {
|
|
||||||
int busy_retry_times = 2;
|
|
||||||
do {
|
|
||||||
ret = sgx_create_pse_session();
|
|
||||||
} while (ret == SGX_ERROR_BUSY && busy_retry_times--);
|
|
||||||
if (ret != SGX_SUCCESS)
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
#ifdef SUPPLIED_KEY_DERIVATION
|
|
||||||
ret = sgx_ra_init_ex(&g_sp_pub_key, b_pse, key_derivation, p_context);
|
|
||||||
#else
|
|
||||||
ret = sgx_ra_init(&g_sp_pub_key, b_pse, p_context);
|
|
||||||
#endif
|
|
||||||
if(b_pse) {
|
|
||||||
sgx_close_pse_session();
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// Closes the tKE key context used during the SIGMA key
|
|
||||||
// exchange.
|
|
||||||
//
|
|
||||||
// @param context The trusted KE library key context.
|
|
||||||
//
|
|
||||||
// @return Return value from the key context close API
|
|
||||||
|
|
||||||
sgx_status_t SGXAPI enclave_ra_close(
|
|
||||||
sgx_ra_context_t context) {
|
|
||||||
sgx_status_t ret;
|
|
||||||
ret = sgx_ra_close(context);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
// Verify the mac sent in att_result_msg from the SP using the
|
|
||||||
// MK key. Input pointers aren't checked since the trusted stubs
|
|
||||||
// copy them into EPC memory.
|
|
||||||
//
|
|
||||||
//
|
|
||||||
// @param context The trusted KE library key context.
|
|
||||||
// @param p_message Pointer to the message used to produce MAC
|
|
||||||
// @param message_size Size in bytes of the message.
|
|
||||||
// @param p_mac Pointer to the MAC to compare to.
|
|
||||||
// @param mac_size Size in bytes of the MAC
|
|
||||||
//
|
|
||||||
// @return SGX_ERROR_INVALID_PARAMETER - MAC size is incorrect.
|
|
||||||
// @return Any error produced by tKE API to get SK key.
|
|
||||||
// @return Any error produced by the AESCMAC function.
|
|
||||||
// @return SGX_ERROR_MAC_MISMATCH - MAC compare fails.
|
|
||||||
|
|
||||||
sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
|
|
||||||
uint8_t* p_message,
|
|
||||||
size_t message_size,
|
|
||||||
uint8_t* p_mac,
|
|
||||||
size_t mac_size) {
|
|
||||||
sgx_status_t ret;
|
|
||||||
sgx_ec_key_128bit_t mk_key;
|
|
||||||
|
|
||||||
if(mac_size != sizeof(sgx_mac_t)) {
|
|
||||||
ret = SGX_ERROR_INVALID_PARAMETER;
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
if(message_size > UINT32_MAX) {
|
|
||||||
ret = SGX_ERROR_INVALID_PARAMETER;
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
do {
|
|
||||||
uint8_t mac[SGX_CMAC_MAC_SIZE] = {0};
|
|
||||||
|
|
||||||
ret = sgx_ra_get_keys(context, SGX_RA_KEY_MK, &mk_key);
|
|
||||||
if(SGX_SUCCESS != ret) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
ret = sgx_rijndael128_cmac_msg(&mk_key,
|
|
||||||
p_message,
|
|
||||||
(uint32_t)message_size,
|
|
||||||
&mac);
|
|
||||||
if(SGX_SUCCESS != ret) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if(0 == consttime_memequal(p_mac, mac, sizeof(mac))) {
|
|
||||||
ret = SGX_ERROR_MAC_MISMATCH;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
} while(0);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sgx_status_t verify_secret_data (
|
|
||||||
sgx_ra_context_t context,
|
|
||||||
uint8_t *p_secret,
|
|
||||||
uint32_t secret_size,
|
|
||||||
uint8_t *p_gcm_mac,
|
|
||||||
uint32_t max_verification_length,
|
|
||||||
uint8_t *p_ret) {
|
|
||||||
sgx_status_t ret = SGX_SUCCESS;
|
|
||||||
sgx_ec_key_128bit_t sk_key;
|
|
||||||
|
|
||||||
do {
|
|
||||||
ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key);
|
|
||||||
if (SGX_SUCCESS != ret) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
uint8_t *decrypted = (uint8_t*) malloc(sizeof(uint8_t) * secret_size);
|
|
||||||
uint8_t aes_gcm_iv[12] = {0};
|
|
||||||
|
|
||||||
ret = sgx_rijndael128GCM_decrypt(&sk_key,
|
|
||||||
p_secret,
|
|
||||||
secret_size,
|
|
||||||
decrypted,
|
|
||||||
&aes_gcm_iv[0],
|
|
||||||
12,
|
|
||||||
NULL,
|
|
||||||
0,
|
|
||||||
(const sgx_aes_gcm_128bit_tag_t *) (p_gcm_mac));
|
|
||||||
|
|
||||||
if (SGX_SUCCESS == ret) {
|
|
||||||
if (decrypted[0] == 0) {
|
|
||||||
if (decrypted[1] != 1) {
|
|
||||||
ret = SGX_ERROR_INVALID_SIGNATURE;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
ret = SGX_ERROR_UNEXPECTED;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
} while(0);
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
enclave {
|
|
||||||
from "sgx_tkey_exchange.edl" import *;
|
|
||||||
|
|
||||||
include "sgx_key_exchange.h"
|
|
||||||
include "sgx_trts.h"
|
|
||||||
|
|
||||||
trusted {
|
|
||||||
public sgx_status_t enclave_init_ra(int b_pse, [out] sgx_ra_context_t *p_context);
|
|
||||||
|
|
||||||
public sgx_status_t enclave_ra_close(sgx_ra_context_t context);
|
|
||||||
|
|
||||||
public sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
|
|
||||||
[in,size=message_size] uint8_t* message,
|
|
||||||
size_t message_size,
|
|
||||||
[in,size=mac_size] uint8_t* mac,
|
|
||||||
size_t mac_size);
|
|
||||||
|
|
||||||
public sgx_status_t verify_secret_data(sgx_ra_context_t context,
|
|
||||||
[in,size=secret_size] uint8_t* p_secret,
|
|
||||||
uint32_t secret_size,
|
|
||||||
[in,count=16] uint8_t* gcm_mac,
|
|
||||||
uint32_t max_verification_length,
|
|
||||||
[out, count=16] uint8_t *p_ret);
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
enclave.so {
|
|
||||||
global:
|
|
||||||
g_global_data_sim;
|
|
||||||
g_global_data;
|
|
||||||
enclave_entry;
|
|
||||||
local:
|
|
||||||
*;
|
|
||||||
};
|
|
Some files were not shown because too many files have changed in this diff Show more
Loading…
Reference in a new issue