You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@teaclave.apache.org by ms...@apache.org on 2019/12/17 07:48:09 UTC
[incubator-teaclave] branch master updated: [binder] Polish binder
(#171)
This is an automated email from the ASF dual-hosted git repository.
mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new 6f78e92 [binder] Polish binder (#171)
6f78e92 is described below
commit 6f78e92d4a6a7e43c8275194a91fd0834dc1e114
Author: Mingshen Sun <bo...@mssun.me>
AuthorDate: Mon Dec 16 23:25:52 2019 -0800
[binder] Polish binder (#171)
- redefine ocalls
- remove useless launch token code
---
cmake/MesaTEEGenVars.cmake | 2 +-
cmake/tomls/Cargo.sgx_untrusted_app.toml | 2 +-
docs/repo_structure.md | 2 +-
mesatee_binder/Enclave.edl | 59 --------
mesatee_binder/src/binder.rs | 185 -------------------------
mesatee_binder/src/ocall.rs | 112 ---------------
mesatee_core/src/rpc/sgx/ra.rs | 134 ++++++++----------
mesatee_services/acs/sgx_app/Cargo.toml | 2 +-
mesatee_services/acs/sgx_app/src/main.rs | 4 +-
mesatee_services/fns/sgx_app/Cargo.toml | 2 +-
mesatee_services/fns/sgx_app/src/main.rs | 4 +-
mesatee_services/kms/sgx_app/Cargo.toml | 2 +-
mesatee_services/kms/sgx_app/src/main.rs | 4 +-
mesatee_services/tdfs/sgx_app/Cargo.toml | 2 +-
mesatee_services/tdfs/sgx_app/src/main.rs | 4 +-
mesatee_services/tms/sgx_app/Cargo.toml | 2 +-
mesatee_services/tms/sgx_app/src/main.rs | 4 +-
{mesatee_binder => teaclave_binder}/Cargo.toml | 4 +-
teaclave_binder/Enclave.edl | 60 ++++++++
{mesatee_binder => teaclave_binder}/build.rs | 0
teaclave_binder/src/binder.rs | 114 +++++++++++++++
{mesatee_binder => teaclave_binder}/src/lib.rs | 0
teaclave_binder/src/ocall.rs | 97 +++++++++++++
teaclave_config/src/lib.rs | 14 +-
tests/functional_test/sgx_app/Cargo.toml | 2 +-
tests/functional_test/sgx_app/src/main.rs | 4 +-
26 files changed, 361 insertions(+), 460 deletions(-)
diff --git a/cmake/MesaTEEGenVars.cmake b/cmake/MesaTEEGenVars.cmake
index 3fe3d19..b4702ae 100644
--- a/cmake/MesaTEEGenVars.cmake
+++ b/cmake/MesaTEEGenVars.cmake
@@ -23,7 +23,7 @@ set(MT_SCRIPT_DIR ${PROJECT_SOURCE_DIR}/cmake/scripts)
set(MT_UNIX_TOML_DIR ${PROJECT_BINARY_DIR}/cmake_tomls/unix_app)
set(MT_SGXLIB_TOML_DIR ${PROJECT_BINARY_DIR}/cmake_tomls/sgx_trusted_lib)
set(MT_SGXAPP_TOML_DIR ${PROJECT_BINARY_DIR}/cmake_tomls/sgx_untrusted_app)
-set(MT_EDL_FILE ${PROJECT_SOURCE_DIR}/mesatee_binder/Enclave.edl)
+set(MT_EDL_FILE ${PROJECT_SOURCE_DIR}/teaclave_binder/Enclave.edl)
set(SGX_EDGER8R ${SGX_SDK}/bin/x64/sgx_edger8r)
set(SGX_ENCLAVE_SIGNER ${SGX_SDK}/bin/x64/sgx_sign)
diff --git a/cmake/tomls/Cargo.sgx_untrusted_app.toml b/cmake/tomls/Cargo.sgx_untrusted_app.toml
index 5a54c5e..6623f42 100644
--- a/cmake/tomls/Cargo.sgx_untrusted_app.toml
+++ b/cmake/tomls/Cargo.sgx_untrusted_app.toml
@@ -17,7 +17,7 @@ exclude = [
[patch.crates-io]
# mesatee_core
mesatee_core = { path = "./mesatee_core" }
-mesatee_binder = { path = "./mesatee_binder" }
+teaclave_binder = { path = "./teaclave_binder" }
# We cannot remove these crates, because proto crates depend on them
sgx_cov = { git = "https://github.com/baidu/rust-sgx-sdk", rev = "v1.0.9" }
diff --git a/docs/repo_structure.md b/docs/repo_structure.md
index 75da215..e0b5b46 100644
--- a/docs/repo_structure.md
+++ b/docs/repo_structure.md
@@ -12,7 +12,7 @@
- documentations
+ [examples](../examples)
- examples
- + [mesatee_binder](../mesatee_binder)
+ + [teaclave_binder](../teaclave_binder)
- abstract communication interfaces between TEE untrusted/trusted worlds
+ [mesatee_config](../mesatee_config)
- compile-time and runtime configuration utilities
diff --git a/mesatee_binder/Enclave.edl b/mesatee_binder/Enclave.edl
deleted file mode 100644
index 835b33d..0000000
--- a/mesatee_binder/Enclave.edl
+++ /dev/null
@@ -1,59 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-enclave {
- from "sgx_tstd.edl" import *;
- from "sgx_stdio.edl" import *;
- from "sgx_tstdc.edl" import *;
- from "sgx_backtrace.edl" import *;
- from "sgx_time.edl" import *;
- from "sgx_fs.edl" import *;
- from "sgx_fd.edl" import *;
- from "sgx_net.edl" import *;
- from "sgx_env.edl" import *;
- from "sgx_tprotected_fs.edl" import *;
-
- trusted {
- /* define ECALLs here. */
- public uint32_t ecall_ipc_entry_point(
- uint32_t cmd,
- [in, size=in_len] const uint8_t* in_buf,
- size_t in_len,
- [out, size=out_maxlen] uint8_t* out_buf,
- size_t out_maxlen,
- [out] size_t *real_out_len);
- };
-
- include "sgx_quote.h"
- untrusted {
- sgx_status_t ocall_sgx_init_quote([out] sgx_target_info_t *ret_ti,
- [out] sgx_epid_group_id_t *ret_gid);
- sgx_status_t ocall_get_ias_socket([out] int *ret_fd);
- sgx_status_t ocall_get_quote([in, size = sigrl_len] uint8_t * p_sigrl,
- uint32_t sigrl_len,
- [in] sgx_report_t *report,
- sgx_quote_sign_type_t quote_type,
- [in] sgx_spid_t *p_spid,
- [in] sgx_quote_nonce_t *p_nonce,
- [out] sgx_report_t *p_qe_report,
- [out, size = maxlen] sgx_quote_t *p_quote,
- uint32_t maxlen,
- [out] uint32_t* p_quote_len);
- sgx_status_t ocall_get_update_info([in] sgx_platform_info_t * platformBlob,
- int32_t enclaveTrusted,
- [out] sgx_update_info_bit_t * update_info);
- };
-};
diff --git a/mesatee_binder/src/binder.rs b/mesatee_binder/src/binder.rs
deleted file mode 100644
index bf9782f..0000000
--- a/mesatee_binder/src/binder.rs
+++ /dev/null
@@ -1,185 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-
-use sgx_types::*;
-use sgx_urts::SgxEnclave;
-use std::env;
-use std::fs;
-use std::io::{Read, Write};
-use std::mem;
-use std::path::PathBuf;
-
-use serde::de::DeserializeOwned;
-use serde::Serialize;
-
-use mesatee_core::ipc::channel::ECallChannel;
-use mesatee_core::ipc::protos::ecall::{FinalizeEnclaveInput, FinalizeEnclaveOutput};
-use mesatee_core::ipc::protos::ecall::{InitEnclaveInput, InitEnclaveOutput};
-use mesatee_core::ipc::protos::ECallCommand;
-use mesatee_core::ipc::IpcSender;
-use mesatee_core::{Error, ErrorKind, Result};
-
-static ENCLAVE_FILE_SUFFIX: &str = "enclave.signed.so";
-static ENCLAVE_TOKEN_SUFFIX: &str = "enclave.token";
-
-const TOKEN_LEN: usize = mem::size_of::<sgx_launch_token_t>();
-
-pub use crate::ocall::ocall_get_ias_socket;
-pub use crate::ocall::ocall_get_quote;
-pub use crate::ocall::ocall_get_update_info;
-pub use crate::ocall::ocall_sgx_init_quote;
-
-use std::sync::Arc;
-#[derive(Clone)]
-pub struct TeeBinder {
- name: String,
- debug_launch: i32,
- enclave_id: sgx_enclave_id_t,
- enclave: Arc<SgxEnclave>,
-}
-
-impl TeeBinder {
- pub fn new(name: &str, debug_launch: i32) -> Result<TeeBinder> {
- let name = name.to_string();
- let enclave = init_enclave(&name, debug_launch)?;
- let enclave_id = enclave.geteid();
-
- let tee = TeeBinder {
- name,
- debug_launch,
- enclave: Arc::new(enclave),
- enclave_id,
- };
-
- debug!("EnclaveID: {}", enclave_id);
-
- let args_info = InitEnclaveInput::default();
- let _ret_info = tee.invoke::<InitEnclaveInput, InitEnclaveOutput>(
- ECallCommand::InitEnclave.into(),
- args_info,
- )?;
-
- Ok(tee)
- }
-
- pub fn invoke<U, V>(&self, cmd: u32, args_info: U) -> Result<V>
- where
- U: Serialize,
- V: DeserializeOwned,
- {
- let mut channel = ECallChannel::new(self.enclave_id);
- channel.invoke::<U, V>(cmd, args_info)
- }
-
- pub fn finalize(&self) -> Result<()> {
- let args_info = FinalizeEnclaveInput::default();
- self.invoke::<FinalizeEnclaveInput, FinalizeEnclaveOutput>(
- ECallCommand::FinalizeEnclave.into(),
- args_info,
- )?;
- //sgx_urts::rsgx_destroy_enclave(enclave_id: sgx_enclave_id_t);
- Ok(())
- }
-}
-
-impl Drop for TeeBinder {
- fn drop(&mut self) {
- debug!("Dropping TeeBinder, start finalize().");
- let _ = self.finalize();
- }
-}
-
-fn enclave_file_name(enclave_name: &str) -> String {
- format!("{}.{}", enclave_name, ENCLAVE_FILE_SUFFIX)
-}
-
-fn enclave_token_name(enclave_name: &str) -> String {
- format!("{}.{}", enclave_name, ENCLAVE_TOKEN_SUFFIX)
-}
-
-fn get_token_file(enclave_name: &str) -> Option<PathBuf> {
- env::var("HOME")
- .ok()
- .map(|s| PathBuf::from(s).join(enclave_token_name(enclave_name)))
-}
-
-fn try_get_launch_token(
- token_file: Option<PathBuf>,
- launch_token: &mut [u8; TOKEN_LEN],
-) -> Result<()> {
- let token_file = token_file.ok_or_else(|| Error::from(ErrorKind::UntrustedAppError))?;
- let mut f = fs::File::open(&token_file).map_err(|e| Error::new(ErrorKind::IoError, e))?;
- match f.read(launch_token) {
- Ok(TOKEN_LEN) => {
- trace!("Read token file successfully.");
- Ok(())
- }
- _ => {
- trace!("Read token file failed.");
- Err(Error::from(ErrorKind::UntrustedAppError))
- }
- }
-}
-
-fn try_save_token_to_file(
- token_file: Option<PathBuf>,
- launch_token: &[u8; TOKEN_LEN],
-) -> Result<()> {
- let token_file = token_file.ok_or_else(|| Error::from(ErrorKind::UntrustedAppError))?;
- let mut f = fs::File::create(&token_file)?;
- f.write_all(launch_token)?;
- trace!("Save token to {} successfully.", token_file.display());
- Ok(())
-}
-
-fn create_misc_attribute() -> sgx_misc_attribute_t {
- sgx_misc_attribute_t {
- secs_attr: sgx_attributes_t { flags: 0, xfrm: 0 },
- misc_select: 0,
- }
-}
-
-fn init_enclave(enclave_name: &str, debug_launch: i32) -> Result<SgxEnclave> {
- let mut launch_token: sgx_launch_token_t = [0; TOKEN_LEN];
- let mut launch_token_updated: i32 = 0;
-
- // Step 1: try to retrieve the launch token saved by last transaction
- // if there is no token, might create a new one.
- let token_file = get_token_file(enclave_name);
-
- let _ = try_get_launch_token(token_file.clone(), &mut launch_token);
-
- // Step 2: call sgx_create_enclave to initialize an enclave instance
- // change configurations(file/debug/attri) in enclave_config.rs
- let mut misc_attr = create_misc_attribute();
- let enclave_file = enclave_file_name(enclave_name);
- debug!("[+] Enclave File: {}", enclave_file);
- let enclave = SgxEnclave::create(
- enclave_file,
- debug_launch,
- &mut launch_token,
- &mut launch_token_updated,
- &mut misc_attr,
- )?;
-
- // Step 3: save the launch token if it is updated
- if launch_token_updated != 0 {
- let _ = try_save_token_to_file(token_file.clone(), &launch_token);
- }
-
- Ok(enclave)
-}
diff --git a/mesatee_binder/src/ocall.rs b/mesatee_binder/src/ocall.rs
deleted file mode 100644
index b7e88eb..0000000
--- a/mesatee_binder/src/ocall.rs
+++ /dev/null
@@ -1,112 +0,0 @@
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements. See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership. The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License. You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied. See the License for the
-// specific language governing permissions and limitations
-// under the License.
-
-use sgx_types::*;
-use std::net::{SocketAddr, TcpStream};
-use std::os::unix::io::IntoRawFd;
-use std::str;
-
-#[no_mangle]
-pub extern "C" fn ocall_sgx_init_quote(
- ret_ti: *mut sgx_target_info_t,
- ret_gid: *mut sgx_epid_group_id_t,
-) -> sgx_status_t {
- unsafe { sgx_init_quote(ret_ti, ret_gid) }
-}
-
-fn lookup_ipv4(host: &str, port: u16) -> SocketAddr {
- use std::net::ToSocketAddrs;
-
- let addrs = (host, port).to_socket_addrs().unwrap();
- for addr in addrs {
- if let SocketAddr::V4(_) = addr {
- return addr;
- }
- }
-
- unreachable!("Cannot lookup address");
-}
-
-#[no_mangle]
-pub extern "C" fn ocall_get_ias_socket(ret_fd: *mut c_int) -> sgx_status_t {
- let port = 443;
- let hostname = "api.trustedservices.intel.com";
- let addr: SocketAddr = lookup_ipv4(hostname, port);
- let socket = TcpStream::connect(&addr).expect("[-] Connect tls server failed!");
- unsafe {
- *ret_fd = socket.into_raw_fd();
- }
-
- sgx_status_t::SGX_SUCCESS
-}
-
-#[no_mangle]
-#[link(name = "sgx_uae_service")]
-pub extern "C" fn ocall_get_quote(
- p_sigrl: *const u8,
- sigrl_len: u32,
- p_report: *const sgx_report_t,
- quote_type: sgx_quote_sign_type_t,
- p_spid: *const sgx_spid_t,
- p_nonce: *const sgx_quote_nonce_t,
- p_qe_report: *mut sgx_report_t,
- p_quote: *mut u8,
- _maxlen: u32,
- p_quote_len: *mut u32,
-) -> sgx_status_t {
- let mut real_quote_len: u32 = 0;
-
- let ret = unsafe { sgx_calc_quote_size(p_sigrl, sigrl_len, &mut real_quote_len as *mut u32) };
-
- if ret != sgx_status_t::SGX_SUCCESS {
- return ret;
- }
-
- unsafe {
- *p_quote_len = real_quote_len;
- }
-
- let ret = unsafe {
- sgx_get_quote(
- p_report,
- quote_type,
- p_spid,
- p_nonce,
- p_sigrl,
- sigrl_len,
- p_qe_report,
- p_quote as *mut sgx_quote_t,
- real_quote_len,
- )
- };
-
- if ret != sgx_status_t::SGX_SUCCESS {
- return ret;
- }
-
- ret
-}
-
-#[no_mangle]
-#[link(name = "sgx_uae_service")]
-pub extern "C" fn ocall_get_update_info(
- platform_blob: *const sgx_platform_info_t,
- enclave_trusted: i32,
- update_info: *mut sgx_update_info_bit_t,
-) -> sgx_status_t {
- unsafe { sgx_report_attestation_status(platform_blob, enclave_trusted, update_info) }
-}
diff --git a/mesatee_core/src/rpc/sgx/ra.rs b/mesatee_core/src/rpc/sgx/ra.rs
index 2169070..3973a5c 100644
--- a/mesatee_core/src/rpc/sgx/ra.rs
+++ b/mesatee_core/src/rpc/sgx/ra.rs
@@ -30,7 +30,8 @@ use webpki;
use webpki_roots;
use yasna;
-use sgx_rand::*;
+use sgx_rand::os::SgxRng;
+use sgx_rand::Rng;
use sgx_tcrypto::*;
use sgx_tse::*;
use sgx_types::*;
@@ -39,15 +40,13 @@ use std::io::{Read, Write};
use std::net::TcpStream;
use std::ptr;
use std::sync::{Arc, SgxRwLock};
-use std::time::*;
+use std::time::{SystemTime, UNIX_EPOCH};
use std::untrusted::time::SystemTimeEx;
use lazy_static::lazy_static;
use super::fail::MayfailTrace;
-use crate::Error;
-use crate::ErrorKind;
-use crate::Result;
+use crate::{Error, ErrorKind, Result};
use teaclave_config::runtime_config::RUNTIME_CONFIG;
use teaclave_utils;
@@ -56,25 +55,31 @@ pub const CERT_VALID_DAYS: i64 = 90i64;
extern "C" {
fn ocall_sgx_init_quote(
- ret_val: *mut sgx_status_t,
- ret_ti: *mut sgx_target_info_t,
- ret_gid: *mut sgx_epid_group_id_t,
+ p_retval: *mut sgx_status_t,
+ p_target_info: *mut sgx_target_info_t,
+ p_gid: *mut sgx_epid_group_id_t,
) -> sgx_status_t;
- fn ocall_get_ias_socket(ret_val: *mut sgx_status_t, ret_fd: *mut i32) -> sgx_status_t;
+ fn ocall_sgx_get_ias_socket(p_retval: *mut i32) -> sgx_status_t;
- fn ocall_get_quote(
- ret_val: *mut sgx_status_t,
- p_sigrl: *const u8,
- sigrl_len: u32,
+ fn ocall_sgx_calc_quote_size(
+ p_retval: *mut sgx_status_t,
+ p_sig_rl: *const u8,
+ sig_rl_size: u32,
+ p_quote_size: *mut u32,
+ ) -> sgx_status_t;
+
+ fn ocall_sgx_get_quote(
+ p_retval: *mut sgx_status_t,
p_report: *const sgx_report_t,
quote_type: sgx_quote_sign_type_t,
p_spid: *const sgx_spid_t,
p_nonce: *const sgx_quote_nonce_t,
+ p_sig_rl: *const u8,
+ sig_rl_size: u32,
p_qe_report: *mut sgx_report_t,
p_quote: *mut u8,
- maxlen: u32,
- p_quote_len: *mut u32,
+ quote_size: u32,
) -> sgx_status_t;
}
@@ -170,7 +175,7 @@ fn parse_response_attn_report(resp: &[u8]) -> Result<AttnReport> {
match header.name {
"Content-Length" => {
let len_num = mayfail! {
- len_str =<< String::from_utf8(header.value.to_vec());
+ len_str =<< std::str::from_utf8(header.value);
n =<< len_str.parse::<u32>();
ret n
};
@@ -228,7 +233,7 @@ fn parse_response_sigrl(resp: &[u8]) -> Result<Vec<u8>> {
let len_num = mayfail! {
header =<< respp.headers.iter().find(|&&header| header.name == "Content-Length");
- len_str =<< String::from_utf8(header.value.to_vec());
+ len_str =<< std::str::from_utf8(header.value);
len_num =<< len_str.parse::<u32>();
ret len_num
};
@@ -263,11 +268,9 @@ fn talk_to_intel_ias(fd: c_int, req: String) -> Result<Vec<u8>> {
}
fn get_sigrl_from_intel(fd: c_int, gid: u32) -> Result<Vec<u8>> {
- let ias_key = load_ias_key(&RUNTIME_CONFIG.env.ias_key)?;
-
let req = format!(
"GET {}{:08x} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\n\r\n",
- SIGRL_SUFFIX, gid, DEV_HOSTNAME, ias_key.trim_end()
+ SIGRL_SUFFIX, gid, DEV_HOSTNAME, &RUNTIME_CONFIG.env.ias_key
);
mayfail! {
@@ -278,16 +281,14 @@ fn get_sigrl_from_intel(fd: c_int, gid: u32) -> Result<Vec<u8>> {
}
// TODO: support pse
-fn get_report_from_intel(fd: c_int, quote: Vec<u8>) -> Result<AttnReport> {
- let ias_key = load_ias_key(&RUNTIME_CONFIG.env.ias_key)?;
-
- let encoded_quote = base64::encode("e[..]);
+fn get_report_from_intel(fd: c_int, quote: &[u8]) -> Result<AttnReport> {
+ let encoded_quote = base64::encode(quote);
let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", encoded_quote);
let req = format!("POST {} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\nContent-Length:{}\r\nContent-Type: application/json\r\n\r\n{}",
REPORT_SUFFIX,
DEV_HOSTNAME,
- ias_key.trim_end(),
+ &RUNTIME_CONFIG.env.ias_key,
encoded_json.len(),
encoded_json);
@@ -323,8 +324,8 @@ fn create_attestation_report(pub_k: &sgx_ec256_public_t) -> Result<AttnReport> {
)
};
- if res != sgx_status_t::SGX_SUCCESS || rt != res {
- return Err(Error::unknown());
+ if res != sgx_status_t::SGX_SUCCESS || rt != sgx_status_t::SGX_SUCCESS {
+ return Err(Error::from(ErrorKind::OCallError));
}
let eg_num = u32::from_le_bytes(eg);
@@ -335,14 +336,12 @@ fn create_attestation_report(pub_k: &sgx_ec256_public_t) -> Result<AttnReport> {
let mut sigrl_vec: Vec<u8> = Vec::new();
let mut sigrl_acquired: bool = false;
for _ in 0..3 {
- let res = unsafe {
- ocall_get_ias_socket(&mut rt as *mut sgx_status_t, &mut ias_sock as *mut i32)
- };
+ let res = unsafe { ocall_sgx_get_ias_socket(&mut ias_sock as *mut i32) };
debug!("got ias_sock = {}", ias_sock);
- if res != sgx_status_t::SGX_SUCCESS || rt != res {
- return Err(Error::unknown());
+ if res != sgx_status_t::SGX_SUCCESS || ias_sock < 0 {
+ return Err(Error::from(ErrorKind::OCallError));
}
// Now sigrl_vec is the revocation list, a vec<u8>
@@ -380,15 +379,12 @@ fn create_attestation_report(pub_k: &sgx_ec256_public_t) -> Result<AttnReport> {
let mut quote_nonce = sgx_quote_nonce_t { rand: [0; 16] };
let mut os_rng = mayfail! {
- rng =<< os::SgxRng::new();
+ rng =<< SgxRng::new();
ret rng
}?;
os_rng.fill_bytes(&mut quote_nonce.rand);
let mut qe_report = sgx_report_t::default();
- const RET_QUOTE_BUF_LEN: u32 = 2048;
- let mut return_quote_buf: [u8; RET_QUOTE_BUF_LEN as usize] = [0; RET_QUOTE_BUF_LEN as usize];
- let mut quote_len: u32 = 0;
// (3) Generate the quote
// Args:
@@ -408,37 +404,39 @@ fn create_attestation_report(pub_k: &sgx_ec256_public_t) -> Result<AttnReport> {
};
let p_report = &rep as *const sgx_report_t;
let quote_type = sgx_quote_sign_type_t::SGX_LINKABLE_SIGNATURE;
-
- let spid_vec = load_spid(&RUNTIME_CONFIG.env.ias_spid)?;
-
- let spid_str = std::str::from_utf8(&spid_vec)?;
- let spid: sgx_spid_t = teaclave_utils::decode_spid(spid_str)?;
-
+ let spid: sgx_spid_t = teaclave_utils::decode_spid(&RUNTIME_CONFIG.env.ias_spid)?;
let p_spid = &spid as *const sgx_spid_t;
let p_nonce = "e_nonce as *const sgx_quote_nonce_t;
let p_qe_report = &mut qe_report as *mut sgx_report_t;
- let p_quote = return_quote_buf.as_mut_ptr();
- let maxlen = RET_QUOTE_BUF_LEN;
- let p_quote_len = &mut quote_len as *mut u32;
+ let mut quote_len: u32 = 0;
+
+ let res =
+ unsafe { ocall_sgx_calc_quote_size(&mut rt as _, p_sigrl, sigrl_len, &mut quote_len as _) };
+
+ if res != sgx_status_t::SGX_SUCCESS || rt != sgx_status_t::SGX_SUCCESS {
+ return Err(Error::from(ErrorKind::OCallError));
+ }
+
+ let mut quote = vec![0; quote_len as usize];
+ let p_quote = quote.as_mut_ptr();
let res = unsafe {
- ocall_get_quote(
- &mut rt as *mut sgx_status_t,
- p_sigrl,
- sigrl_len,
+ ocall_sgx_get_quote(
+ &mut rt as _,
p_report,
quote_type,
p_spid,
p_nonce,
+ p_sigrl,
+ sigrl_len,
p_qe_report,
p_quote,
- maxlen,
- p_quote_len,
+ quote_len,
)
};
- if res != sgx_status_t::SGX_SUCCESS || rt != res {
- return Err(Error::unknown());
+ if res != sgx_status_t::SGX_SUCCESS || rt != sgx_status_t::SGX_SUCCESS {
+ return Err(Error::from(ErrorKind::OCallError));
}
// Perform a check on qe_report to verify if the qe_report is valid
@@ -461,38 +459,20 @@ fn create_attestation_report(pub_k: &sgx_ec256_public_t) -> Result<AttnReport> {
// p_qe_report and report.data to confirm the QUOTE has not be modified and
// is not a replay. It is optional.
let mut rhs_vec: Vec<u8> = quote_nonce.rand.to_vec();
- rhs_vec.extend(&return_quote_buf[..quote_len as usize]);
- let rhs_hash = rsgx_sha256_slice(&rhs_vec[..]).to_mt_result(file!(), line!())?;
+ rhs_vec.extend("e);
+ let rhs_hash = rsgx_sha256_slice(&rhs_vec).to_mt_result(file!(), line!())?;
let lhs_hash = &qe_report.body.report_data.d[..32];
if rhs_hash != lhs_hash {
return Err(Error::unknown());
}
- let quote_vec: Vec<u8> = return_quote_buf[..quote_len as usize].to_vec();
- let res =
- unsafe { ocall_get_ias_socket(&mut rt as *mut sgx_status_t, &mut ias_sock as *mut i32) };
-
- if res != sgx_status_t::SGX_SUCCESS || rt != res {
- return Err(Error::unknown());
- }
-
- get_report_from_intel(ias_sock, quote_vec)
-}
+ let res = unsafe { ocall_sgx_get_ias_socket(&mut ias_sock as _) };
-fn load_ias_key(envvar: &str) -> Result<String> {
- if envvar.len() == 32 {
- Ok(envvar.into())
- } else {
- Err(Error::from(ErrorKind::RAInternalError))
+ if res != sgx_status_t::SGX_SUCCESS || ias_sock < 0 {
+ return Err(Error::from(ErrorKind::OCallError));
}
-}
-fn load_spid(envvar: &str) -> Result<Vec<u8>> {
- if envvar.len() == 32 {
- Ok(envvar.as_bytes().into())
- } else {
- Err(Error::from(ErrorKind::RAInternalError))
- }
+ get_report_from_intel(ias_sock, "e)
}
fn is_tls_config_updated(gen_time: &SystemTime) -> bool {
diff --git a/mesatee_services/acs/sgx_app/Cargo.toml b/mesatee_services/acs/sgx_app/Cargo.toml
index f9b9174..a119177 100644
--- a/mesatee_services/acs/sgx_app/Cargo.toml
+++ b/mesatee_services/acs/sgx_app/Cargo.toml
@@ -15,7 +15,7 @@ sgx_types = { version = "1.0.9" }
sgx_urts = { version = "1.0.9" }
mesatee_core = { version = "0.1.0" }
-mesatee_binder = { version = "0.1.0" }
+teaclave_binder = { version = "0.1.0" }
ctrlc = { version = "3.1.2" }
log = { version = "0.4.6" }
diff --git a/mesatee_services/acs/sgx_app/src/main.rs b/mesatee_services/acs/sgx_app/src/main.rs
index 7a4729b..3117094 100644
--- a/mesatee_services/acs/sgx_app/src/main.rs
+++ b/mesatee_services/acs/sgx_app/src/main.rs
@@ -25,8 +25,8 @@ use std::net::TcpListener;
use std::os::unix::io::IntoRawFd;
use threadpool::ThreadPool;
-use mesatee_binder::TeeBinder;
use std::sync::Arc;
+use teaclave_binder::TeeBinder;
fn main() -> Result<()> {
env_logger::init();
@@ -48,7 +48,7 @@ fn main() -> Result<()> {
let ref_tee = tee.clone();
ctrlc::set_handler(move || {
info!("\nCTRL+C pressed. Destroying server enclave");
- let _ = ref_tee.finalize();
+ ref_tee.finalize();
std::process::exit(0);
})
.expect("Error setting Ctrl-C handler");
diff --git a/mesatee_services/fns/sgx_app/Cargo.toml b/mesatee_services/fns/sgx_app/Cargo.toml
index 9364c79..3041f81 100644
--- a/mesatee_services/fns/sgx_app/Cargo.toml
+++ b/mesatee_services/fns/sgx_app/Cargo.toml
@@ -14,7 +14,7 @@ default = []
sgx_types = { version = "1.0.9" }
sgx_urts = { version = "1.0.9" }
mesatee_core = { version = "0.1.0" }
-mesatee_binder = { version = "0.1.0" }
+teaclave_binder = { version = "0.1.0" }
threadpool = { version = "1.0" }
ctrlc = { version = "3.1.2" }
diff --git a/mesatee_services/fns/sgx_app/src/main.rs b/mesatee_services/fns/sgx_app/src/main.rs
index 55493ee..3ca05e1 100644
--- a/mesatee_services/fns/sgx_app/src/main.rs
+++ b/mesatee_services/fns/sgx_app/src/main.rs
@@ -25,8 +25,8 @@ use std::net::TcpListener;
use std::os::unix::io::IntoRawFd;
use threadpool::ThreadPool;
-use mesatee_binder::TeeBinder;
use std::sync::Arc;
+use teaclave_binder::TeeBinder;
fn main() -> Result<()> {
env_logger::init();
@@ -48,7 +48,7 @@ fn main() -> Result<()> {
let ref_tee = tee.clone();
ctrlc::set_handler(move || {
info!("\nCTRL+C pressed. Destroying server enclave");
- let _ = ref_tee.finalize();
+ ref_tee.finalize();
std::process::exit(0);
})
.expect("Error setting Ctrl-C handler");
diff --git a/mesatee_services/kms/sgx_app/Cargo.toml b/mesatee_services/kms/sgx_app/Cargo.toml
index 089bb19..2126b3a 100644
--- a/mesatee_services/kms/sgx_app/Cargo.toml
+++ b/mesatee_services/kms/sgx_app/Cargo.toml
@@ -15,7 +15,7 @@ sgx_types = { version = "1.0.9" }
sgx_urts = { version = "1.0.9" }
mesatee_core = { version = "0.1.0" }
-mesatee_binder = { version = "0.1.0" }
+teaclave_binder = { version = "0.1.0" }
ctrlc = { version = "3.1.2" }
log = { version = "0.4.6" }
diff --git a/mesatee_services/kms/sgx_app/src/main.rs b/mesatee_services/kms/sgx_app/src/main.rs
index 66ab055..78f5c84 100644
--- a/mesatee_services/kms/sgx_app/src/main.rs
+++ b/mesatee_services/kms/sgx_app/src/main.rs
@@ -25,8 +25,8 @@ use std::net::TcpListener;
use std::os::unix::io::IntoRawFd;
use threadpool::ThreadPool;
-use mesatee_binder::TeeBinder;
use std::sync::Arc;
+use teaclave_binder::TeeBinder;
fn main() -> Result<()> {
env_logger::init();
@@ -48,7 +48,7 @@ fn main() -> Result<()> {
let ref_tee = tee.clone();
ctrlc::set_handler(move || {
info!("\nCTRL+C pressed. Destroying server enclave");
- let _ = ref_tee.finalize();
+ ref_tee.finalize();
std::process::exit(0);
})
.expect("Error setting Ctrl-C handler");
diff --git a/mesatee_services/tdfs/sgx_app/Cargo.toml b/mesatee_services/tdfs/sgx_app/Cargo.toml
index fb57ef0..e8da488 100644
--- a/mesatee_services/tdfs/sgx_app/Cargo.toml
+++ b/mesatee_services/tdfs/sgx_app/Cargo.toml
@@ -14,7 +14,7 @@ default = []
sgx_types = { version = "1.0.9" }
sgx_urts = { version = "1.0.9" }
mesatee_core = { version = "0.1.0" }
-mesatee_binder = { version = "0.1.0" }
+teaclave_binder = { version = "0.1.0" }
ctrlc = { version = "3.1.2" }
log = { version = "0.4.6" }
env_logger = { version = "0.7.1" }
diff --git a/mesatee_services/tdfs/sgx_app/src/main.rs b/mesatee_services/tdfs/sgx_app/src/main.rs
index 4a1bcde..f7ac9a6 100644
--- a/mesatee_services/tdfs/sgx_app/src/main.rs
+++ b/mesatee_services/tdfs/sgx_app/src/main.rs
@@ -25,8 +25,8 @@ use std::net::TcpListener;
use std::os::unix::io::IntoRawFd;
use threadpool::ThreadPool;
-use mesatee_binder::TeeBinder;
use std::sync::Arc;
+use teaclave_binder::TeeBinder;
use std::thread;
@@ -50,7 +50,7 @@ fn main() -> Result<()> {
let ref_tee = tee.clone();
ctrlc::set_handler(move || {
info!("\nCTRL+C pressed. Destroying server enclave");
- let _ = ref_tee.finalize();
+ ref_tee.finalize();
std::process::exit(0);
})
.expect("Error setting Ctrl-C handler");
diff --git a/mesatee_services/tms/sgx_app/Cargo.toml b/mesatee_services/tms/sgx_app/Cargo.toml
index e12ad4e..8f14887 100644
--- a/mesatee_services/tms/sgx_app/Cargo.toml
+++ b/mesatee_services/tms/sgx_app/Cargo.toml
@@ -14,7 +14,7 @@ default = []
sgx_types = { version = "1.0.9" }
sgx_urts = { version = "1.0.9" }
mesatee_core = { version = "0.1.0" }
-mesatee_binder = { version = "0.1.0" }
+teaclave_binder = { version = "0.1.0" }
ctrlc = { version = "3.1.2" }
log = { version = "0.4.6" }
env_logger = { version = "0.7.1" }
diff --git a/mesatee_services/tms/sgx_app/src/main.rs b/mesatee_services/tms/sgx_app/src/main.rs
index a77b20f..9387fdf 100644
--- a/mesatee_services/tms/sgx_app/src/main.rs
+++ b/mesatee_services/tms/sgx_app/src/main.rs
@@ -24,8 +24,8 @@ use std::net::TcpListener;
use std::os::unix::io::IntoRawFd;
use threadpool::ThreadPool;
-use mesatee_binder::TeeBinder;
use std::sync::Arc;
+use teaclave_binder::TeeBinder;
use std::thread;
@@ -51,7 +51,7 @@ fn main() -> Result<()> {
let ref_tee = tee.clone();
ctrlc::set_handler(move || {
info!("\nCTRL+C pressed. Destroying server enclave");
- let _ = ref_tee.finalize();
+ ref_tee.finalize();
std::process::exit(0);
})
.expect("Error setting Ctrl-C handler");
diff --git a/mesatee_binder/Cargo.toml b/teaclave_binder/Cargo.toml
similarity index 90%
rename from mesatee_binder/Cargo.toml
rename to teaclave_binder/Cargo.toml
index 1d87215..5b31a4f 100644
--- a/mesatee_binder/Cargo.toml
+++ b/teaclave_binder/Cargo.toml
@@ -1,5 +1,5 @@
[package]
-name = "mesatee_binder"
+name = "teaclave_binder"
version = "0.1.0"
authors = ["MesaTEE Authors <de...@mesatee.org>"]
description = "Abstract communication interfaces between TEE untrusted/trusted worlds."
@@ -7,7 +7,7 @@ license = "Apache-2.0"
edition = "2018"
[lib]
-name = "mesatee_binder"
+name = "teaclave_binder"
path = "src/lib.rs"
[features]
diff --git a/teaclave_binder/Enclave.edl b/teaclave_binder/Enclave.edl
new file mode 100644
index 0000000..8dd37bf
--- /dev/null
+++ b/teaclave_binder/Enclave.edl
@@ -0,0 +1,60 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+enclave {
+ from "sgx_tstd.edl" import *;
+ from "sgx_stdio.edl" import *;
+ from "sgx_tstdc.edl" import *;
+ from "sgx_backtrace.edl" import *;
+ from "sgx_time.edl" import *;
+ from "sgx_fs.edl" import *;
+ from "sgx_fd.edl" import *;
+ from "sgx_net.edl" import *;
+ from "sgx_env.edl" import *;
+ from "sgx_tprotected_fs.edl" import *;
+
+ trusted {
+ public uint32_t ecall_ipc_entry_point(uint32_t cmd,
+ [in, size=in_len] const uint8_t* in_buf,
+ size_t in_len,
+ [out, size=out_maxlen] uint8_t* out_buf,
+ size_t out_maxlen,
+ [out] size_t *real_out_len);
+ };
+
+ include "sgx_quote.h"
+ untrusted {
+ sgx_status_t ocall_sgx_init_quote([out] sgx_target_info_t *p_target_info,
+ [out] sgx_epid_group_id_t *p_gid);
+
+ int ocall_sgx_get_ias_socket();
+
+ sgx_status_t ocall_sgx_calc_quote_size([in, size=sig_rl_size] uint8_t * p_sig_rl,
+ uint32_t sig_rl_size,
+ [out] uint32_t *p_quote_size);
+
+ sgx_status_t ocall_sgx_get_quote([in] sgx_report_t *p_report,
+ sgx_quote_sign_type_t quote_type,
+ [in] sgx_spid_t *p_spid,
+ [in] sgx_quote_nonce_t *p_nonce,
+ [in, size=sig_rl_size] uint8_t *p_sig_rl,
+ uint32_t sig_rl_size,
+ [out] sgx_report_t *p_qe_report,
+ [out, size=quote_size] sgx_quote_t *p_quote,
+ uint32_t quote_size);
+ };
+};
diff --git a/mesatee_binder/build.rs b/teaclave_binder/build.rs
similarity index 100%
rename from mesatee_binder/build.rs
rename to teaclave_binder/build.rs
diff --git a/teaclave_binder/src/binder.rs b/teaclave_binder/src/binder.rs
new file mode 100644
index 0000000..7eb1019
--- /dev/null
+++ b/teaclave_binder/src/binder.rs
@@ -0,0 +1,114 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use sgx_types::*;
+use sgx_urts::SgxEnclave;
+
+use serde::de::DeserializeOwned;
+use serde::Serialize;
+
+use mesatee_core::ipc::channel::ECallChannel;
+use mesatee_core::ipc::protos::ecall::{FinalizeEnclaveInput, FinalizeEnclaveOutput};
+use mesatee_core::ipc::protos::ecall::{InitEnclaveInput, InitEnclaveOutput};
+use mesatee_core::ipc::protos::ECallCommand;
+use mesatee_core::ipc::IpcSender;
+use mesatee_core::Result;
+
+static ENCLAVE_FILE_SUFFIX: &str = "enclave.signed.so";
+
+use std::sync::Arc;
+#[derive(Clone)]
+pub struct TeeBinder {
+ name: String,
+ debug_launch: i32,
+ enclave_id: sgx_enclave_id_t,
+ enclave: Arc<SgxEnclave>,
+}
+
+impl TeeBinder {
+ pub fn new(name: &str, debug_launch: i32) -> Result<TeeBinder> {
+ let name = name.to_string();
+ let enclave = init_enclave(&name, debug_launch)?;
+ let enclave_id = enclave.geteid();
+
+ let tee = TeeBinder {
+ name,
+ debug_launch,
+ enclave: Arc::new(enclave),
+ enclave_id,
+ };
+
+ debug!("EnclaveID: {}", enclave_id);
+
+ let args_info = InitEnclaveInput::default();
+ let _ret_info = tee.invoke::<InitEnclaveInput, InitEnclaveOutput>(
+ ECallCommand::InitEnclave.into(),
+ args_info,
+ )?;
+
+ Ok(tee)
+ }
+
+ pub fn invoke<U, V>(&self, cmd: u32, args_info: U) -> Result<V>
+ where
+ U: Serialize,
+ V: DeserializeOwned,
+ {
+ let mut channel = ECallChannel::new(self.enclave_id);
+ channel.invoke::<U, V>(cmd, args_info)
+ }
+
+ pub fn finalize(&self) {
+ let args_info = FinalizeEnclaveInput::default();
+ match self.invoke::<FinalizeEnclaveInput, FinalizeEnclaveOutput>(
+ ECallCommand::FinalizeEnclave.into(),
+ args_info,
+ ) {
+ Ok(_) => {}
+ Err(e) => info!("{:?}", e),
+ }
+ }
+}
+
+impl Drop for TeeBinder {
+ fn drop(&mut self) {
+ debug!("Dropping TeeBinder, start finalize().");
+ self.finalize();
+ }
+}
+
+fn init_enclave(enclave_name: &str, debug_launch: i32) -> Result<SgxEnclave> {
+ let mut launch_token: sgx_launch_token_t = [0; 1024]; // launch_token is deprecated
+ let mut launch_token_updated: i32 = 0; // launch_token is deprecated
+
+ let mut misc_attr = sgx_misc_attribute_t {
+ secs_attr: sgx_attributes_t { flags: 0, xfrm: 0 },
+ misc_select: 0,
+ };
+
+ let enclave_file = format!("{}.{}", enclave_name, ENCLAVE_FILE_SUFFIX);
+
+ let enclave = SgxEnclave::create(
+ enclave_file,
+ debug_launch,
+ &mut launch_token, // launch_token is deprecated
+ &mut launch_token_updated, // launch_token is deprecated
+ &mut misc_attr,
+ )?;
+
+ Ok(enclave)
+}
diff --git a/mesatee_binder/src/lib.rs b/teaclave_binder/src/lib.rs
similarity index 100%
rename from mesatee_binder/src/lib.rs
rename to teaclave_binder/src/lib.rs
diff --git a/teaclave_binder/src/ocall.rs b/teaclave_binder/src/ocall.rs
new file mode 100644
index 0000000..c3592dc
--- /dev/null
+++ b/teaclave_binder/src/ocall.rs
@@ -0,0 +1,97 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+use sgx_types::*;
+use std::net::TcpStream;
+use std::os::unix::io::IntoRawFd;
+
+#[link(name = "sgx_uae_service")]
+extern "C" {
+ fn sgx_init_quote(
+ p_target_info: *mut sgx_target_info_t,
+ p_gid: *mut sgx_epid_group_id_t,
+ ) -> sgx_status_t;
+ fn sgx_calc_quote_size(
+ p_sig_rl: *const u8,
+ sig_rl_size: u32,
+ p_quote_size: *mut u32,
+ ) -> sgx_status_t;
+ fn sgx_get_quote(
+ p_report: *const sgx_report_t,
+ quote_type: sgx_quote_sign_type_t,
+ p_spid: *const sgx_spid_t,
+ p_nonce: *const sgx_quote_nonce_t,
+ p_sig_rl: *const u8,
+ sig_rl_size: u32,
+ p_qe_report: *mut sgx_report_t,
+ p_quote: *mut sgx_quote_t,
+ quote_size: u32,
+ ) -> sgx_status_t;
+}
+
+#[no_mangle]
+pub extern "C" fn ocall_sgx_get_ias_socket() -> i32 {
+ let ias_addr = "api.trustedservices.intel.com:443";
+ match TcpStream::connect(ias_addr) {
+ Ok(socket) => socket.into_raw_fd(),
+ Err(_) => -1,
+ }
+}
+
+#[no_mangle]
+pub extern "C" fn ocall_sgx_init_quote(
+ p_target_info: *mut sgx_target_info_t,
+ p_gid: *mut sgx_epid_group_id_t,
+) -> sgx_status_t {
+ unsafe { sgx_init_quote(p_target_info, p_gid) }
+}
+
+#[no_mangle]
+pub extern "C" fn ocall_sgx_calc_quote_size(
+ p_sig_rl: *const u8,
+ sig_rl_size: u32,
+ p_quote_size: *mut u32,
+) -> sgx_status_t {
+ unsafe { sgx_calc_quote_size(p_sig_rl, sig_rl_size, p_quote_size) }
+}
+
+#[no_mangle]
+pub extern "C" fn ocall_sgx_get_quote(
+ p_report: *const sgx_report_t,
+ quote_type: sgx_quote_sign_type_t,
+ p_spid: *const sgx_spid_t,
+ p_nonce: *const sgx_quote_nonce_t,
+ p_sig_rl: *const u8,
+ sig_rl_size: u32,
+ p_qe_report: *mut sgx_report_t,
+ p_quote: *mut sgx_quote_t,
+ quote_size: u32,
+) -> sgx_status_t {
+ unsafe {
+ sgx_get_quote(
+ p_report,
+ quote_type,
+ p_spid,
+ p_nonce,
+ p_sig_rl,
+ sig_rl_size,
+ p_qe_report,
+ p_quote,
+ quote_size,
+ )
+ }
+}
diff --git a/teaclave_config/src/lib.rs b/teaclave_config/src/lib.rs
index cc0f8e7..0fd56ca 100644
--- a/teaclave_config/src/lib.rs
+++ b/teaclave_config/src/lib.rs
@@ -80,14 +80,20 @@ pub mod runtime_config {
lazy_static! {
pub static ref RUNTIME_CONFIG: RuntimeConfig = {
+ #[cfg(feature = "mesalock_sgx")]
+ use std::prelude::v1::*;
let contents = fs::read_to_string("runtime.config.toml")
.expect("Something went wrong reading the runtime config file.");
let mut config: RuntimeConfig = toml::from_str(&contents).unwrap();
if !cfg!(sgx_sim) {
- let ias_spid =
- env::var("IAS_SPID").expect("Cannot find IAS_SPID from environment variables.");
- let ias_key =
- env::var("IAS_KEY").expect("Cannot find IAS_KEY from environment variables.");
+ let ias_spid = env::var("IAS_SPID")
+ .expect("Cannot find IAS_SPID from environment variables.")
+ .trim()
+ .to_string();
+ let ias_key = env::var("IAS_KEY")
+ .expect("Cannot find IAS_KEY from environment variables.")
+ .trim()
+ .to_string();
config.env = EnvConfig { ias_spid, ias_key };
}
diff --git a/tests/functional_test/sgx_app/Cargo.toml b/tests/functional_test/sgx_app/Cargo.toml
index 5e6b6c9..45b8a5d 100644
--- a/tests/functional_test/sgx_app/Cargo.toml
+++ b/tests/functional_test/sgx_app/Cargo.toml
@@ -14,7 +14,7 @@ default = []
sgx_types = "1.0.9"
sgx_urts = "1.0.9"
mesatee_core = { version = "0.1.0" }
-mesatee_binder = { version = "0.1.0" }
+teaclave_binder = { version = "0.1.0" }
ctrlc = "3.1.2"
log = { version = "0.4.6" }
env_logger = "0.7.1"
diff --git a/tests/functional_test/sgx_app/src/main.rs b/tests/functional_test/sgx_app/src/main.rs
index 5155afb..793fd95 100644
--- a/tests/functional_test/sgx_app/src/main.rs
+++ b/tests/functional_test/sgx_app/src/main.rs
@@ -28,8 +28,8 @@ mod tests;
mod unittest;
use unittest::*;
-use mesatee_binder::TeeBinder;
use std::sync::Arc;
+use teaclave_binder::TeeBinder;
fn run_test_in_tee(tee: &TeeBinder) -> Result<()> {
trace!("Running as Functional Test Client ...");
@@ -75,7 +75,7 @@ fn test_in_tee() -> Result<()> {
let ref_tee = tee.clone();
ctrlc::set_handler(move || {
info!("\nCTRL+C pressed. Destroying server enclave");
- let _ = ref_tee.finalize();
+ ref_tee.finalize();
std::process::exit(0);
})
.expect("Error setting Ctrl-C handler");
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@teaclave.apache.org
For additional commands, e-mail: commits-help@teaclave.apache.org