Posted to commits@teaclave.apache.org by di...@apache.org on 2020/06/19 07:02:32 UTC

[incubator-teaclave-sgx-sdk] branch dcap-retrieve created (now 05948e5)

This is an automated email from the ASF dual-hosted git repository.

dingyu pushed a change to branch dcap-retrieve
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git.


      at 05948e5  first dcap tool commit

This branch includes the following new commits:

     new 05948e5  first dcap tool commit

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.





[incubator-teaclave-sgx-sdk] 01/01: first dcap tool commit

Posted by di...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

dingyu pushed a commit to branch dcap-retrieve
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git

commit 05948e558aceecd240ffa78ccede8050d393a4ea
Author: Yu Ding <di...@gmail.com>
AuthorDate: Fri Jun 19 00:02:07 2020 -0700

    first dcap tool commit
    
    add dcap pck retrieval sample
---
 samplecode/dcap-pckretrieval/Makefile              | 159 +++++++++++++
 samplecode/dcap-pckretrieval/app/Cargo.toml        |  16 ++
 samplecode/dcap-pckretrieval/app/build.rs          |  41 ++++
 samplecode/dcap-pckretrieval/app/src/main.rs       | 250 +++++++++++++++++++++
 samplecode/dcap-pckretrieval/bin/.gitkeep          |   0
 samplecode/dcap-pckretrieval/enclave/Cargo.toml    |  42 ++++
 .../dcap-pckretrieval/enclave/Enclave.config.xml   |  10 +
 samplecode/dcap-pckretrieval/enclave/Enclave.edl   |  30 +++
 samplecode/dcap-pckretrieval/enclave/Enclave.lds   |   9 +
 .../dcap-pckretrieval/enclave/Enclave_private.pem  |  39 ++++
 samplecode/dcap-pckretrieval/enclave/Makefile      |  38 ++++
 samplecode/dcap-pckretrieval/enclave/Xargo.toml    |  95 ++++++++
 samplecode/dcap-pckretrieval/enclave/src/lib.rs    |  48 ++++
 .../enclave/x86_64-unknown-linux-sgx.json          |  31 +++
 samplecode/dcap-pckretrieval/lib/readme.txt        |   1 +
 15 files changed, 809 insertions(+)

diff --git a/samplecode/dcap-pckretrieval/Makefile b/samplecode/dcap-pckretrieval/Makefile
new file mode 100644
index 0000000..bb3f6dd
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/Makefile
@@ -0,0 +1,159 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+######## SGX SDK Settings ########
+
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= HW
+SGX_ARCH ?= x64
+
+TOP_DIR := ../..
+include $(TOP_DIR)/buildenv.mk
+
+ifeq ($(shell getconf LONG_BIT), 32)
+	SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+	SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+	SGX_COMMON_CFLAGS := -m32
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
+else
+	SGX_COMMON_CFLAGS := -m64
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+ifeq ($(SGX_PRERELEASE), 1)
+$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
+endif
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+	SGX_COMMON_CFLAGS += -O0 -g
+else
+	SGX_COMMON_CFLAGS += -O2
+endif
+
+SGX_COMMON_CFLAGS += -fstack-protector
+
+######## CUSTOM Settings ########
+
+CUSTOM_LIBRARY_PATH := ./lib
+CUSTOM_BIN_PATH := ./bin
+CUSTOM_EDL_PATH := ../../edl
+CUSTOM_COMMON_PATH := ../../common
+
+######## EDL Settings ########
+
+Enclave_EDL_Files := enclave/Enclave_t.c enclave/Enclave_t.h app/Enclave_u.c app/Enclave_u.h
+
+######## APP Settings ########
+
+App_Rust_Flags := --release
+App_SRC_Files := $(shell find app/ -type f -name '*.rs') $(shell find app/ -type f -name 'Cargo.toml')
+App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include -I$(CUSTOM_EDL_PATH)
+App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
+
+App_Rust_Path := ./app/target/release
+App_Enclave_u_Object :=app/libEnclave_u.a
+App_Name := bin/PCKIDRetrievalTool
+
+######## Enclave Settings ########
+
+ifneq ($(SGX_MODE), HW)
+	Trts_Library_Name := sgx_trts_sim
+	Service_Library_Name := sgx_tservice_sim
+else
+	Trts_Library_Name := sgx_trts
+	Service_Library_Name := sgx_tservice
+endif
+Crypto_Library_Name := sgx_tcrypto
+KeyExchange_Library_Name := sgx_tkey_exchange
+ProtectedFs_Library_Name := sgx_tprotected_fs
+
+RustEnclave_C_Files := $(wildcard ./enclave/*.c)
+RustEnclave_C_Objects := $(RustEnclave_C_Files:.c=.o)
+RustEnclave_Include_Paths := -I$(CUSTOM_COMMON_PATH)/inc -I$(CUSTOM_EDL_PATH) -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid -I ./enclave -I./include
+
+RustEnclave_Link_Libs := -L$(CUSTOM_LIBRARY_PATH) -lenclave
+RustEnclave_Compile_Flags := $(SGX_COMMON_CFLAGS) $(ENCLAVE_CFLAGS) $(RustEnclave_Include_Paths)
+RustEnclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -lsgx_tstdc -l$(Service_Library_Name) -l$(Crypto_Library_Name) $(RustEnclave_Link_Libs) -Wl,--end-group \
+	-Wl,--version-script=enclave/Enclave.lds \
+	$(ENCLAVE_LDFLAGS)
+
+RustEnclave_Name := enclave/enclave.so
+Signed_RustEnclave_Name := bin/enclave.signed.so
+
+.PHONY: all
+all: $(App_Name) $(Signed_RustEnclave_Name)
+
+######## EDL Objects ########
+
+$(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl
+	$(SGX_EDGER8R) --trusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path ../../edl --trusted-dir enclave
+	$(SGX_EDGER8R) --untrusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path ../../edl --untrusted-dir app
+	@echo "GEN  =>  $(Enclave_EDL_Files)"
+
+######## App Objects ########
+
+app/Enclave_u.o: $(Enclave_EDL_Files)
+	@$(CC) $(App_C_Flags) -c app/Enclave_u.c -o $@
+	@echo "CC   <=  $<"
+
+$(App_Enclave_u_Object): app/Enclave_u.o
+	$(AR) rcsD $@ $^
+	cp $(App_Enclave_u_Object) ./lib
+
+$(App_Name): $(App_Enclave_u_Object) $(App_SRC_Files)
+	@cd app && SGX_SDK=$(SGX_SDK) cargo build $(App_Rust_Flags)
+	@echo "Cargo  =>  $@"
+	mkdir -p bin
+	cp $(App_Rust_Path)/PCKIDRetrievalTool ./bin
+
+######## Enclave Objects ########
+
+enclave/Enclave_t.o: $(Enclave_EDL_Files)
+	@$(CC) $(RustEnclave_Compile_Flags) -c enclave/Enclave_t.c -o $@
+	@echo "CC   <=  $<"
+
+$(RustEnclave_Name): enclave enclave/Enclave_t.o
+	@$(CXX) enclave/Enclave_t.o -o $@ $(RustEnclave_Link_Flags)
+	@echo "LINK =>  $@"
+
+$(Signed_RustEnclave_Name): $(RustEnclave_Name)
+	mkdir -p bin
+	@$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave $(RustEnclave_Name) -out $@ -config enclave/Enclave.config.xml
+	@echo "SIGN =>  $@"
+
+.PHONY: enclave
+enclave:
+	$(MAKE) -C ./enclave/
+
+
+.PHONY: clean
+clean:
+	@rm -f $(App_Name) $(RustEnclave_Name) $(Signed_RustEnclave_Name) enclave/*_t.* app/*_u.* lib/*.a
+	@cd enclave && cargo clean && rm -f Cargo.lock
+	@cd app && cargo clean && rm -f Cargo.lock
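Review bot: The rule `$(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl` lists four targets, which GNU Make treats as four independent rules sharing one recipe, so under `make -j` the two `sgx_edger8r` commands can run several times concurrently and write the same generated bridge files at once. Both `app/Enclave_u.o` and `enclave/Enclave_t.o` depend on the whole list, which is what lets parallel jobs start the recipe more than once. Declare it as a grouped target, `$(Enclave_EDL_Files) &: $(SGX_EDGER8R) enclave/Enclave.edl` (GNU Make 4.3 or later), or route the four files through a single stamp file on older versions. A short comment above the rule saying that one edger8r run produces all four files would also help.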
diff --git a/samplecode/dcap-pckretrieval/app/Cargo.toml b/samplecode/dcap-pckretrieval/app/Cargo.toml
new file mode 100644
index 0000000..933b96f
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/app/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "PCKIDRetrievalTool"
+version = "1.0.0"
+authors = ["The Teaclave Authors"]
+build = "build.rs"
+
+[dependencies]
+sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+sgx_urts = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+itertools = "*"
+libloading = "*"
+
+[patch.'https://github.com/apache/teaclave-sgx-sdk.git']
+sgx_types = { path = "../../../sgx_types" }
+sgx_urts = { path = "../../../sgx_urts" }
+
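Review bot: `itertools = "*"` and `libloading = "*"` accept any published version, and the top-level `clean` target deletes `app/Cargo.lock`, so every clean build resolves whatever is newest on the registry at that moment. This tool prints platform attestation identifiers, and `libloading` is the crate that loads a shared object into its process, so an unreviewed release entering the build is a supply-chain risk as well as a reproducibility problem. Pin both to a reviewed requirement, e.g. `libloading = "<reviewed version>"`, and keep `Cargo.lock` under version control for this binary crate instead of removing it in `clean`. The two `git` dependencies carry no `rev`, but the `[patch]` section redirects them to in-tree paths, so they follow the checkout.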
diff --git a/samplecode/dcap-pckretrieval/app/build.rs b/samplecode/dcap-pckretrieval/app/build.rs
new file mode 100644
index 0000000..ad6509b
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/app/build.rs
@@ -0,0 +1,41 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License..
+
+use std::env;
+
+fn main() {
+    let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/intel/sgxsdk".to_string());
+    let is_sim = env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string());
+
+    println!("cargo:rustc-link-search=native=../lib");
+    println!("cargo:rustc-link-lib=static=Enclave_u");
+
+    println!("cargo:rustc-link-search=native={}/lib64", sdk_dir);
+
+    // if the linker failed to find libsgx_dcap_ql.so, please make sure that
+    // (1) libsgx-dcap-ql is installed
+    // (2) libsgx_dcap_ql.so exists. typicall at /usr/lib/x86_64-linux-gnu
+    // if libsgx_dcap_ql.so.1 is there, but no libsgx-dcap_ql,
+    // just create a symlink by
+    // ln -s libsgx_dcap_ql.so.1 libsgx_dcap_ql.so
+    println!("cargo:rustc-link-lib=dylib=sgx_dcap_ql");
+    match is_sim.as_ref() {
+        "SW" => println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"),
+        "HW" => println!("cargo:rustc-link-lib=dylib=sgx_urts"),
+        _ => println!("cargo:rustc-link-lib=dylib=sgx_urts"), // Treat undefined as HW
+    }
+}
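Review bot: The script reads `SGX_SDK` and `SGX_MODE` but never declares them to Cargo, so switching `SGX_MODE` between `HW` and `SW` without a clean build keeps the previously emitted `sgx_urts` / `sgx_urts_sim` link directive. Add `println!("cargo:rerun-if-env-changed=SGX_MODE");` and `println!("cargo:rerun-if-env-changed=SGX_SDK");` at the top of `main`. The Makefile's `cargo build` line passes only `SGX_SDK` explicitly, so `SGX_MODE` reaches this script only when it is already exported to the recipe's environment; passing it the same way would make the HW/SW choice explicit. The `"HW"` arm repeats the `_` arm and can be dropped.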
diff --git a/samplecode/dcap-pckretrieval/app/src/main.rs b/samplecode/dcap-pckretrieval/app/src/main.rs
new file mode 100644
index 0000000..8bff4e5
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/app/src/main.rs
@@ -0,0 +1,250 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License..
+
+#![allow(non_snake_case)]
+
+extern crate itertools;
+extern crate libloading;
+extern crate sgx_types;
+extern crate sgx_urts;
+use itertools::*;
+use sgx_types::*;
+use sgx_urts::SgxEnclave;
+
+static ENCLAVE_FILE: &'static str = "enclave.signed.so";
+
+extern "C" {
+    fn enclave_create_report(
+        eid: sgx_enclave_id_t,
+        retval: *mut i32,
+        p_qe3_target: &sgx_target_info_t,
+        p_report: *mut sgx_report_t,
+    ) -> sgx_status_t;
+}
+
+fn init_enclave() -> SgxResult<SgxEnclave> {
+    let mut launch_token: sgx_launch_token_t = [0; 1024];
+    let mut launch_token_updated: i32 = 0;
+    // call sgx_create_enclave to initialize an enclave instance
+    // Debug Support: set 2nd parameter to 1
+    let debug = 0;
+    let mut misc_attr = sgx_misc_attribute_t {
+        secs_attr: sgx_attributes_t { flags: 0, xfrm: 0 },
+        misc_select: 0,
+    };
+    SgxEnclave::create(
+        ENCLAVE_FILE,
+        debug,
+        &mut launch_token,
+        &mut launch_token_updated,
+        &mut misc_attr,
+    )
+}
+
+fn main() {
+    // quote holds the generated quote
+    let quote: Vec<u8> = generate_quote().unwrap();
+
+    // this quote has type `sgx_quote3_t` and is structured as:
+    // sgx_quote3_t {
+    //     header: sgx_quote_header_t,
+    //     report_body: sgx_report_body_t,
+    //     signature_data_len: uint32_t,  // 1116
+    //     signature_data {               // 1116 bytes payload
+    //         sig_data: sgx_ql_ecdsa_sig_data_t { // 576 = 64x3 +384 header
+    //             sig: [uint8_t; 64],
+    //             attest_pub_key: [uint8_t; 64],
+    //             qe3_report: sgx_report_body_t, //  384
+    //             qe3_report_sig: [uint8_t; 64],
+    //             auth_certification_data { // 2 + 32 = 34
+    //                 sgx_ql_auth_data_t: u16 // observed 32, size of following auth_data
+    //                 auth_data: [u8; sgx_ql_auth_data_t]
+    //             }
+    //             sgx_ql_certification_data_t {/ 2 + 4 + 500
+    //                 cert_key_type: uint16_t,
+    //                 size: uint32_t, // observed 500, size of following certificateion_data
+    //                 certification_data { // 500 bytes
+    //                 }
+    //             }
+    //         }
+    //     }
+    //  }
+    let p_quote3: *const sgx_quote3_t = quote.as_ptr() as *const sgx_quote3_t;
+
+    // copy heading bytes to a sgx_quote3_t type to simplify access
+    let quote3: sgx_quote3_t = unsafe { *p_quote3 };
+
+    let quote_signature_data_vec: Vec<u8> = quote[std::mem::size_of::<sgx_quote3_t>()..].into();
+
+    //println!("quote3 header says signature data len = {}", quote3.signature_data_len);
+    //println!("quote_signature_data len = {}", quote_signature_data_vec.len());
+
+    assert_eq!(
+        quote3.signature_data_len as usize,
+        quote_signature_data_vec.len()
+    );
+
+    // signature_data has a header of sgx_ql_ecdsa_sig_data_t structure
+    //let p_sig_data: * const sgx_ql_ecdsa_sig_data_t = quote_signature_data_vec.as_ptr() as _;
+    // mem copy
+    //let sig_data = unsafe { * p_sig_data };
+
+    // sgx_ql_ecdsa_sig_data_t is followed by sgx_ql_auth_data_t
+    // create a new vec for auth_data
+    let auth_certification_data_offset = std::mem::size_of::<sgx_ql_ecdsa_sig_data_t>();
+    let p_auth_data: *const sgx_ql_auth_data_t =
+        (quote_signature_data_vec[auth_certification_data_offset..]).as_ptr() as _;
+    let auth_data_header: sgx_ql_auth_data_t = unsafe { *p_auth_data };
+    //println!("auth_data len = {}", auth_data_header.size);
+
+    let auth_data_offset =
+        auth_certification_data_offset + std::mem::size_of::<sgx_ql_auth_data_t>();
+
+    // It should be [0,1,2,3...]
+    // defined at https://github.com/intel/SGXDataCenterAttestationPrimitives/blob/4605fae1c606de4ff1191719433f77f050f1c33c/QuoteGeneration/quote_wrapper/quote/qe_logic.cpp#L1452
+    //let auth_data_vec: Vec<u8> = quote_signature_data_vec[auth_data_offset..auth_data_offset + auth_data_header.size as usize].into();
+    //println!("Auth data:\n{:?}", auth_data_vec);
+
+    let temp_cert_data_offset = auth_data_offset + auth_data_header.size as usize;
+    let p_temp_cert_data: *const sgx_ql_certification_data_t =
+        quote_signature_data_vec[temp_cert_data_offset..].as_ptr() as _;
+    let temp_cert_data: sgx_ql_certification_data_t = unsafe { *p_temp_cert_data };
+
+    //println!("certification data offset = {}", temp_cert_data_offset);
+    //println!("certification data size = {}", temp_cert_data.size);
+
+    let cert_info_offset =
+        temp_cert_data_offset + std::mem::size_of::<sgx_ql_certification_data_t>();
+
+    //println!("cert info offset = {}", cert_info_offset);
+    // this should be the last structure
+    assert_eq!(
+        quote_signature_data_vec.len(),
+        cert_info_offset + temp_cert_data.size as usize
+    );
+
+    let tail_content = quote_signature_data_vec[cert_info_offset..].to_vec();
+    let enc_ppid_len = 384;
+    let enc_ppid: &[u8] = &tail_content[0..enc_ppid_len];
+    let pce_id: &[u8] = &tail_content[enc_ppid_len..enc_ppid_len + 2];
+    let cpu_svn: &[u8] = &tail_content[enc_ppid_len + 2..enc_ppid_len + 2 + 16];
+    let pce_isvsvn: &[u8] = &tail_content[enc_ppid_len + 2 + 16..enc_ppid_len + 2 + 18];
+    println!("EncPPID:\n{:02x}", enc_ppid.iter().format(""));
+    println!("PCE_ID:\n{:02x}", pce_id.iter().format(""));
+    println!("TCBr - CPUSVN:\n{:02x}", cpu_svn.iter().format(""));
+    println!("TCBr - PCE_ISVSVN:\n{:02x}", pce_isvsvn.iter().format(""));
+    println!("QE_ID:\n{:02x}", quote3.header.user_data.iter().format(""));
+}
+
+// Re-invent App/utility.cpp
+// int generate_quote(uint8_t **quote_buffer, uint32_t& quote_size)
+fn generate_quote() -> Option<Vec<u8>> {
+    let mut ti: sgx_target_info_t = sgx_target_info_t::default();
+
+    let _l = libloading::Library::new("./libdcap_quoteprov.so.1").unwrap();
+    println!("Step1: Call sgx_qe_get_target_info:");
+    //println!("sgx_qe_get_target_info = {:p}", sgx_qe_get_target_info as * const _);
+
+    let qe3_ret = unsafe { sgx_qe_get_target_info(&mut ti as *mut _) };
+
+    if qe3_ret != sgx_quote3_error_t::SGX_QL_SUCCESS {
+        println!("Error in sgx_qe_get_target_info. {:?}\n", qe3_ret);
+        return None;
+    }
+
+    //println!("target_info.mr_enclave = {:?}", ti.mr_enclave.m);
+    //println!("target_info.config_id = {:02x}", ti.config_id.iter().format(" "));
+
+    let quote_size = std::mem::size_of::<sgx_target_info_t>();
+    let mut v: Vec<u8> = vec![0; quote_size];
+    unsafe {
+        std::ptr::copy_nonoverlapping(
+            &ti as *const sgx_target_info_t as *const u8,
+            v.as_mut_ptr() as *mut u8,
+            quote_size,
+        );
+    }
+
+    //println!("quote = {:?}", v);
+
+    println!("succeed!\nStep2: Call create_app_report:");
+    let app_report: sgx_report_t = if let Some(r) = create_app_enclave_report(&ti) {
+        println!("succeed! \nStep3: Call sgx_qe_get_quote_size:");
+        r
+    } else {
+        println!("\nCall to create_app_report() failed\n");
+        return None;
+    };
+
+    //println!("app_report.body.cpu_svn = {:02x}", app_report.body.cpu_svn.svn.iter().format(""));
+    //println!("app_report.body.misc_select = {:08x}", app_report.body.misc_select);
+    //println!("app_report.key_id = {:02x}", app_report.key_id.id.iter().format(""));
+    //println!("app_report.mac = {:02x}", app_report.mac.iter().format(""));
+
+    let mut quote_size: u32 = 0;
+    let qe3_ret = unsafe { sgx_qe_get_quote_size(&mut quote_size as _) };
+
+    if qe3_ret != sgx_quote3_error_t::SGX_QL_SUCCESS {
+        println!("Error in sgx_qe_get_quote_size . {:?}\n", qe3_ret);
+        return None;
+    }
+
+    println!("succeed!");
+
+    let mut quote_vec: Vec<u8> = vec![0; quote_size as usize];
+
+    println!("\nStep4: Call sgx_qe_get_quote:");
+
+    let qe3_ret =
+        unsafe { sgx_qe_get_quote(&app_report as _, quote_size, quote_vec.as_mut_ptr() as _) };
+
+    if qe3_ret != sgx_quote3_error_t::SGX_QL_SUCCESS {
+        println!("Error in sgx_qe_get_quote. {:?}\n", qe3_ret);
+        return None;
+    }
+
+    Some(quote_vec)
+}
+
+fn create_app_enclave_report(qe_ti: &sgx_target_info_t) -> Option<sgx_report_t> {
+    let enclave = if let Ok(r) = init_enclave() {
+        r
+    } else {
+        return None;
+    };
+
+    let mut retval = 0;
+    let mut ret_report: sgx_report_t = sgx_report_t::default();
+
+    let result = unsafe {
+        enclave_create_report(
+            enclave.geteid(),
+            &mut retval,
+            qe_ti,
+            &mut ret_report as *mut sgx_report_t,
+        )
+    };
+    match result {
+        sgx_status_t::SGX_SUCCESS => {}
+        _ => {
+            println!("[-] ECALL Enclave Failed {}!", result.as_str());
+            return None;
+        }
+    }
+    enclave.destroy();
+    Some(ret_report)
+}
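Review bot: The three `unsafe { *p }` reads in `main` (`*p_quote3`, `*p_auth_data`, `*p_temp_cert_data`) dereference a struct pointer into a byte vector without first checking that enough bytes remain, and `auth_data_header.size`, which is read from the quote itself, determines the last offset. Slicing with `[offset..]` only proves `offset <= len`, so a short or malformed quote produces an out-of-bounds read instead of a clean error. A `Vec<u8>` also gives no alignment guarantee for these types unless they are declared packed, which this diff does not show. Check the remaining length before each read and copy with `std::ptr::read_unaligned`, as in the helper below; `generate_quote` and `create_app_enclave_report` are not touched by this suggestion.

```rust
/// Copy a `T` out of `buf` at `offset`; returns None when fewer than
/// size_of::<T>() bytes remain. `T` must be a plain-data FFI struct.
unsafe fn read_pod<T: Copy>(buf: &[u8], offset: usize) -> Option<T> {
    let end = offset.checked_add(std::mem::size_of::<T>())?;
    if end > buf.len() {
        return None;
    }
    Some(std::ptr::read_unaligned(buf.as_ptr().add(offset) as *const T))
}

// … unchanged: generate_quote() call and quote layout comment …
let quote3: sgx_quote3_t =
    unsafe { read_pod(&quote, 0) }.expect("quote shorter than sgx_quote3_t");
// … unchanged: signature_data slice and length assert …
let auth_data_header: sgx_ql_auth_data_t =
    unsafe { read_pod(&quote_signature_data_vec, auth_certification_data_offset) }
        .expect("signature data too short for auth data header");
// … unchanged: auth_data_offset and temp_cert_data_offset …
let temp_cert_data: sgx_ql_certification_data_t =
    unsafe { read_pod(&quote_signature_data_vec, temp_cert_data_offset) }
        .expect("signature data too short for certification data header");
// … unchanged: cert_info_offset, final assert, field slicing and printing …
```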
diff --git a/samplecode/dcap-pckretrieval/bin/.gitkeep b/samplecode/dcap-pckretrieval/bin/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/samplecode/dcap-pckretrieval/enclave/Cargo.toml b/samplecode/dcap-pckretrieval/enclave/Cargo.toml
new file mode 100644
index 0000000..45065af
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Cargo.toml
@@ -0,0 +1,42 @@
+[package]
+name = "PCKIDRetrievalTool"
+version = "1.0.0"
+authors = ["The Teaclave Authors"]
+
+[lib]
+name = "pckidretrievaltool"
+crate-type = ["staticlib"]
+
+[features]
+default = []
+
+[target.'cfg(not(target_env = "sgx"))'.dependencies]
+sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+sgx_tstd = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+sgx_trts = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+sgx_tse = { git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+[patch.'https://github.com/apache/teaclave-sgx-sdk.git']
+sgx_alloc = { path = "../../../sgx_alloc" }
+sgx_build_helper = { path = "../../../sgx_build_helper" }
+sgx_cov = { path = "../../../sgx_cov" }
+sgx_crypto_helper = { path = "../../../sgx_crypto_helper" }
+sgx_libc = { path = "../../../sgx_libc" }
+sgx_rand = { path = "../../../sgx_rand" }
+sgx_rand_derive = { path = "../../../sgx_rand_derive" }
+sgx_serialize = { path = "../../../sgx_serialize" }
+sgx_serialize_derive = { path = "../../../sgx_serialize_derive" }
+sgx_serialize_derive_internals = { path = "../../../sgx_serialize_derive_internals" }
+sgx_tcrypto = { path = "../../../sgx_tcrypto" }
+sgx_tcrypto_helper = { path = "../../../sgx_tcrypto_helper" }
+sgx_tdh = { path = "../../../sgx_tdh" }
+sgx_tkey_exchange = { path = "../../../sgx_tkey_exchange" }
+sgx_tprotected_fs = { path = "../../../sgx_tprotected_fs" }
+sgx_trts = { path = "../../../sgx_trts" }
+sgx_tse = { path = "../../../sgx_tse" }
+sgx_tseal = { path = "../../../sgx_tseal" }
+sgx_tstd = { path = "../../../sgx_tstd" }
+sgx_tunittest = { path = "../../../sgx_tunittest" }
+sgx_types = { path = "../../../sgx_types" }
+sgx_ucrypto = { path = "../../../sgx_ucrypto" }
+sgx_unwind = { path = "../../../sgx_unwind" }
+sgx_urts = { path = "../../../sgx_urts" }
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave.config.xml b/samplecode/dcap-pckretrieval/enclave/Enclave.config.xml
new file mode 100644
index 0000000..5b97ad8
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave.config.xml
@@ -0,0 +1,10 @@
+<EnclaveConfiguration>
+  <ProdID>0x1</ProdID>
+  <ISVSVN>1</ISVSVN>
+  <TCSNum>1</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <HW>0</HW>
+  <StackMaxSize>0x2000</StackMaxSize>
+  <HeapMaxSize>0x4000</HeapMaxSize>
+  <DisableDebug>1</DisableDebug>
+</EnclaveConfiguration>
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave.edl b/samplecode/dcap-pckretrieval/enclave/Enclave.edl
new file mode 100644
index 0000000..097453f
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave.edl
@@ -0,0 +1,30 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+enclave {
+    from "sgx_tstd.edl" import *;
+    from "sgx_stdio.edl" import *;
+    from "sgx_file.edl" import *;
+    include "sgx_report.h"
+
+    trusted {
+        /* define ECALLs here. */
+        public uint32_t enclave_create_report([in]const sgx_target_info_t* p_qe3_target,
+                                              [out]sgx_report_t* p_report);
+
+    };
+};
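Review bot: The three `from ... import *;` lines pull every OCALL declared in `sgx_tstd.edl`, `sgx_stdio.edl` and `sgx_file.edl` into this enclave's untrusted interface, although the only trusted code in the commit, `enclave_create_report`, does no file I/O. Every imported OCALL is a path by which host-controlled return values enter the enclave, so the interface is best limited to what the code actually calls. If the enclave still links without it, drop `from "sgx_file.edl" import *;`. A comment above the remaining imports should say which runtime feature needs them; the `println!` on the error path presumably relies on the stdio OCALLs.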
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave.lds b/samplecode/dcap-pckretrieval/enclave/Enclave.lds
new file mode 100644
index 0000000..e3d9d0e
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave.lds
@@ -0,0 +1,9 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+    local:
+        *;
+};
diff --git a/samplecode/dcap-pckretrieval/enclave/Enclave_private.pem b/samplecode/dcap-pckretrieval/enclave/Enclave_private.pem
new file mode 100644
index 0000000..314705b
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Enclave_private.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
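Review bot: This commits the enclave signing private key that the top-level Makefile passes to `sgx_sign sign -key enclave/Enclave_private.pem`, so the signer identity (MRSIGNER) of `bin/enclave.signed.so` is one that anyone with the repository can reproduce. That is acceptable for a sample only if nothing treats this signer as trusted, and `Enclave.config.xml` sets `<DisableDebug>1</DisableDebug>`, which makes the output look like a production build. Say so next to the sign rule, e.g. `# Enclave_private.pem is a public sample key: never sign production enclaves with it`. Making the key path overridable (`Enclave_Key ?= enclave/Enclave_private.pem`) would let a deployment supply its own key without editing the Makefile.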
diff --git a/samplecode/dcap-pckretrieval/enclave/Makefile b/samplecode/dcap-pckretrieval/enclave/Makefile
new file mode 100644
index 0000000..786b6af
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Makefile
@@ -0,0 +1,38 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+Rust_Enclave_Name := libenclave.a
+Rust_Enclave_Files := $(wildcard src/*.rs)
+Rust_Target_Path := $(CURDIR)/../../../xargo
+
+ifeq ($(MITIGATION-CVE-2020-0551), LOAD)
+export MITIGATION_CVE_2020_0551=LOAD
+else ifeq ($(MITIGATION-CVE-2020-0551), CF)
+export MITIGATION_CVE_2020_0551=CF
+endif
+
+.PHONY: all
+
+all: $(Rust_Enclave_Name)
+
+$(Rust_Enclave_Name): $(Rust_Enclave_Files)
+ifeq ($(XARGO_SGX), 1)
+	RUST_TARGET_PATH=$(Rust_Target_Path) xargo build --target x86_64-unknown-linux-sgx --release
+	cp ./target/x86_64-unknown-linux-sgx/release/libpckidretrievaltool.a ../lib/libenclave.a
+else
+	cargo build --release
+	cp ./target/release/libpckidretrievaltool.a ../lib/libenclave.a
+endif
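Review bot: A value of `MITIGATION-CVE-2020-0551` other than `LOAD` or `CF` falls through both branches without a message, so a misspelled setting such as `load` builds the Rust enclave code without `MITIGATION_CVE_2020_0551` exported and nothing in the log shows it. Unless `buildenv.mk` (not in this diff) already validates the value, add a final branch before the `endif`: `else ifneq ($(MITIGATION-CVE-2020-0551),)` followed by `$(error MITIGATION-CVE-2020-0551 must be LOAD or CF)`. A one-line comment above the block stating the two accepted values would document the knob for users of this sample.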
diff --git a/samplecode/dcap-pckretrieval/enclave/Xargo.toml b/samplecode/dcap-pckretrieval/enclave/Xargo.toml
new file mode 100644
index 0000000..ffb4272
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/Xargo.toml
@@ -0,0 +1,95 @@
+[dependencies]
+alloc = {}
+
+[dependencies.sgx_types]
+path = "../../../sgx_types"
+stage = 1
+
+[dependencies.sgx_alloc]
+path = "../../../sgx_alloc"
+stage = 1
+
+[dependencies.sgx_unwind]
+path = "../../../sgx_unwind"
+stage = 1
+
+[dependencies.sgx_demangle]
+path = "../../../sgx_demangle"
+stage = 1
+
+[dependencies.panic_abort]
+path = "../../../sgx_panic_abort"
+stage = 1
+
+[dependencies.sgx_libc]
+path = "../../../sgx_libc"
+stage = 2
+
+[dependencies.sgx_tkey_exchange]
+path = "../../../sgx_tkey_exchange"
+stage = 2
+
+[dependencies.sgx_tse]
+path = "../../../sgx_tse"
+stage = 2
+
+[dependencies.sgx_tcrypto]
+path = "../../../sgx_tcrypto"
+stage = 2
+
+[dependencies.sgx_trts]
+path = "../../../sgx_trts"
+stage = 3
+
+[dependencies.sgx_backtrace_sys]
+path = "../../../sgx_backtrace_sys"
+stage = 3
+
+[dependencies.panic_unwind]
+path = "../../../sgx_panic_unwind"
+stage = 3
+
+[dependencies.sgx_tdh]
+path = "../../../sgx_tdh"
+stage = 4
+
+[dependencies.sgx_tseal]
+path = "../../../sgx_tseal"
+stage = 4
+
+[dependencies.sgx_tprotected_fs]
+path = "../../../sgx_tprotected_fs"
+stage = 4
+
+[dependencies.std]
+path = "../../../xargo/sgx_tstd"
+stage = 5
+features = ["backtrace"]
+
+[dependencies.sgx_no_tstd]
+path = "../../../sgx_no_tstd"
+stage = 5
+
+[dependencies.sgx_rand]
+path = "../../../sgx_rand"
+stage = 6
+
+[dependencies.sgx_serialize]
+path = "../../../sgx_serialize"
+stage = 6
+
+[dependencies.sgx_tunittest]
+path = "../../../sgx_tunittest"
+stage = 6
+
+[dependencies.sgx_backtrace]
+path = "../../../sgx_backtrace"
+stage = 7
+
+[dependencies.sgx_cov]
+path = "../../../sgx_cov"
+stage = 7
+
+[dependencies.sgx_signal]
+path = "../../../sgx_signal"
+stage = 7
diff --git a/samplecode/dcap-pckretrieval/enclave/src/lib.rs b/samplecode/dcap-pckretrieval/enclave/src/lib.rs
new file mode 100644
index 0000000..3e99903
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/src/lib.rs
@@ -0,0 +1,48 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License..
+
+#![crate_name = "pckidretrievaltool"]
+#![crate_type = "staticlib"]
+
+#![cfg_attr(not(target_env = "sgx"), no_std)]
+#![cfg_attr(target_env = "sgx", feature(rustc_private))]
+
+extern crate sgx_types;
+extern crate sgx_tse;
+#[cfg(not(target_env = "sgx"))]
+#[macro_use]
+extern crate sgx_tstd as std;
+
+use sgx_types::*;
+use sgx_tse::rsgx_create_report;
+
+#[no_mangle]
+pub extern "C" fn enclave_create_report(
+    p_qe3_target : &sgx_target_info_t,
+    p_report: &mut sgx_report_t) -> u32 {
+    let empty_data: sgx_report_data_t = sgx_report_data_t::default();
+    match rsgx_create_report(p_qe3_target, &empty_data) {
+        Ok(report) => {
+            *p_report = report;
+            0
+        },
+        Err(x) => {
+            println!("rsgx_create_report failed! {:?}", x);
+            x as u32
+        }
+    }
+}
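Review bot: `enclave_create_report` declares its ECALL parameters as Rust references (`&sgx_target_info_t`, `&mut sgx_report_t`), but the values are supplied through the edger8r bridge on behalf of the untrusted host, and a Rust reference must never be null. The generated bridge is not part of this diff; if it forwards a NULL `[in]`/`[out]` pointer unchanged, as edger8r bridges normally do, a host passing NULL causes undefined behaviour inside the enclave. Take raw pointers, reject NULL with an error status, and only then form references, as below. The host side in `app/src/main.rs` also never inspects `retval`, so a non-zero status returned here is currently ignored by the caller.

```rust
#[no_mangle]
pub extern "C" fn enclave_create_report(
    p_qe3_target: *const sgx_target_info_t,
    p_report: *mut sgx_report_t) -> u32 {
    // ECALL arguments originate from the untrusted host: reject NULL
    // before forming any reference.
    if p_qe3_target.is_null() || p_report.is_null() {
        return sgx_status_t::SGX_ERROR_INVALID_PARAMETER as u32;
    }
    let qe3_target = unsafe { &*p_qe3_target };
    let empty_data: sgx_report_data_t = sgx_report_data_t::default();
    match rsgx_create_report(qe3_target, &empty_data) {
        Ok(report) => {
            unsafe { *p_report = report };
            0
        },
        // … unchanged: Err arm …
    }
}
```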
diff --git a/samplecode/dcap-pckretrieval/enclave/x86_64-unknown-linux-sgx.json b/samplecode/dcap-pckretrieval/enclave/x86_64-unknown-linux-sgx.json
new file mode 100644
index 0000000..10d37a7
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/enclave/x86_64-unknown-linux-sgx.json
@@ -0,0 +1,31 @@
+{
+  "arch": "x86_64",
+  "cpu": "x86-64",
+  "data-layout": "e-m:e-i64:64-f80:128-n8:16:32:64-S128",
+  "dynamic-linking": true,
+  "env": "sgx",
+  "exe-allocation-crate": "alloc_system",
+  "executables": true,
+  "has-elf-tls": true,
+  "has-rpath": true,
+  "linker-flavor": "gcc",
+  "linker-is-gnu": true,
+  "llvm-target": "x86_64-unknown-linux-gnu",
+  "max-atomic-width": 64,
+  "os": "linux",
+  "position-independent-executables": true,
+  "pre-link-args": {
+    "gcc": [
+      "-Wl,--as-needed",
+      "-Wl,-z,noexecstack",
+      "-m64"
+    ]
+  },
+  "relro-level": "full",
+  "stack-probes": true,
+  "target-c-int-width": "32",
+  "target-endian": "little",
+  "target-family": "unix",
+  "target-pointer-width": "64",
+  "vendor": "mesalock"
+}
diff --git a/samplecode/dcap-pckretrieval/lib/readme.txt b/samplecode/dcap-pckretrieval/lib/readme.txt
new file mode 100644
index 0000000..7951405
--- /dev/null
+++ b/samplecode/dcap-pckretrieval/lib/readme.txt
@@ -0,0 +1 @@
+lib
\ No newline at end of file

