You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@mesatee.apache.org by di...@apache.org on 2019/11/21 21:40:18 UTC
[incubator-mesatee-sgx] branch v1.1.0-beta updated: Update v1.1.0
release
This is an automated email from the ASF dual-hosted git repository.
dingyu pushed a commit to branch v1.1.0-beta
in repository https://gitbox.apache.org/repos/asf/incubator-mesatee-sgx.git
The following commit(s) were added to refs/heads/v1.1.0-beta by this push:
new cc32b10 Update v1.1.0 release
cc32b10 is described below
commit cc32b100feb9ad88725fd551b6371c6d0fb88629
Author: Yu Ding <di...@gmail.com>
AuthorDate: Thu Nov 21 13:40:03 2019 -0800
Update v1.1.0 release
---
Readme.md | 2 +
common/inc/dirent.h | 2 +-
common/inc/math.h | 2 +-
common/inc/mbusafecrt.h | 2 +-
common/inc/netdb.h | 2 +-
common/inc/pthread.h | 2 +-
common/inc/pwd.h | 2 +-
common/inc/sys/epoll.h | 2 +-
common/inc/sys/sockaddr.h | 2 +-
common/inc/sys/socket.h | 2 +-
common/inc/sys/uio.h | 2 +-
dockerfile/Dockerfile.fedora27.nightly | 61 +++++++
edl/inc/dirent.h | 2 +-
edl/inc/stat.h | 4 +-
edl/sgx_asyncio.edl | 2 +-
edl/sgx_backtrace.edl | 4 +-
edl/sgx_env.edl | 4 +-
edl/sgx_fd.edl | 4 +-
edl/sgx_file.edl | 4 +-
edl/sgx_fs.edl | 2 +-
edl/sgx_mem.edl | 4 +-
edl/sgx_net.edl | 2 +-
edl/sgx_net_switchless.edl | 2 +-
edl/sgx_pipe.edl | 4 +-
edl/sgx_socket.edl | 2 +-
edl/sgx_stdio.edl | 6 +-
edl/sgx_sys.edl | 4 +-
edl/sgx_thread.edl | 4 +-
edl/sgx_time.edl | 4 +-
edl/sgx_tstd.edl | 4 +-
.../localattestation/attestation/attestation.edl | 4 +-
samplecode/prost-protobuf/Makefile | 175 +++++++++++++++++++++
samplecode/prost-protobuf/app/Cargo.toml | 16 ++
samplecode/prost-protobuf/app/src/main.rs | 168 ++++++++++++++++++++
samplecode/prost-protobuf/bin/readme.txt | 1 +
samplecode/prost-protobuf/enclave/Cargo.toml | 23 +++
.../prost-protobuf/enclave/Enclave.config.xml | 12 ++
samplecode/prost-protobuf/enclave/Enclave.lds | 9 ++
.../prost-protobuf/enclave/Enclave_private.pem | 39 +++++
samplecode/prost-protobuf/enclave/Makefile | 44 ++++++
samplecode/prost-protobuf/enclave/Xargo.toml | 90 +++++++++++
samplecode/prost-protobuf/enclave/build.rs | 9 ++
.../prost-protobuf/enclave/src/lib.rs | 65 +++++---
.../enclave/x86_64-unknown-linux-sgx.json | 31 ++++
samplecode/prost-protobuf/lib/readme.txt | 1 +
samplecode/prost-protobuf/person.proto | 8 +
third_party/Readme.md | 38 ++++-
47 files changed, 809 insertions(+), 69 deletions(-)
diff --git a/Readme.md b/Readme.md
index 82371b4..358911a 100644
--- a/Readme.md
+++ b/Readme.md
@@ -15,6 +15,8 @@ To help understand this project and know how to use it, we are writing some [wik
Current wiki pages:
+* [The World of Forked crates](https://github.com/baidu/rust-sgx-sdk/wiki/The-World-of-Forked-crates) introduces the forked crate ecosystem, and provides some guidelines and usage, and show how we secure them.
+
* [Setup gdb 7.11 on Ubuntu 18.04 for VSCode sgx-gdb remote debugging](https://github.com/baidu/rust-sgx-sdk/wiki/Setup-gdb-7.11-on-Ubuntu-18.04-for-VSCode---sgx-gdb-remote-debugging) If you encounter errors like `gdb.error: syntax error in expression, near )0x7ffff4127370 = 0.`, probably you need to follow this instruction to setup gdb 7. Thanks to @akoskinas for this great instruction!
* [Performance Optimization Tips](https://github.com/baidu/rust-sgx-sdk/wiki/Performance-Optimization-Tips)
diff --git a/common/inc/dirent.h b/common/inc/dirent.h
index 9beff85..49d612a 100644
--- a/common/inc/dirent.h
+++ b/common/inc/dirent.h
@@ -56,4 +56,4 @@ struct dirent64
#else
# define _DIRENT_MATCHES_DIRENT64 0
#endif
-#endif
\ No newline at end of file
+#endif
diff --git a/common/inc/math.h b/common/inc/math.h
index 048508f..6ea425b 100644
--- a/common/inc/math.h
+++ b/common/inc/math.h
@@ -145,7 +145,7 @@ double _TLIBC_CDECL_ tgamma(double);
double _TLIBC_CDECL_ nearbyint(double);
double _TLIBC_CDECL_ rint(double);
-long int _TLIBC_CDECL_ lrint(double);
+long int _TLIBC_CDECL_ lrint(double);
long long int _TLIBC_CDECL_ llrint(double);
double _TLIBC_CDECL_ round(double);
long int _TLIBC_CDECL_ lround(double);
diff --git a/common/inc/mbusafecrt.h b/common/inc/mbusafecrt.h
index 1d8c9d8..3bdfe7a 100644
--- a/common/inc/mbusafecrt.h
+++ b/common/inc/mbusafecrt.h
@@ -1,6 +1,6 @@
//
// Copyright (c) Microsoft. All rights reserved.
-// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
//
/***
diff --git a/common/inc/netdb.h b/common/inc/netdb.h
index 4d2d14a..5b39fce 100644
--- a/common/inc/netdb.h
+++ b/common/inc/netdb.h
@@ -34,4 +34,4 @@ struct addrinfo
struct addrinfo *ai_next; /* Pointer to next in list. */
};
-#endif
\ No newline at end of file
+#endif
diff --git a/common/inc/pthread.h b/common/inc/pthread.h
index 4930ca3..e79668f 100644
--- a/common/inc/pthread.h
+++ b/common/inc/pthread.h
@@ -31,4 +31,4 @@ typedef union pthread_attr_t pthread_attr_t;
#endif
#endif
-#endif
\ No newline at end of file
+#endif
diff --git a/common/inc/pwd.h b/common/inc/pwd.h
index e1ee8ca..fc947d8 100644
--- a/common/inc/pwd.h
+++ b/common/inc/pwd.h
@@ -33,4 +33,4 @@ struct passwd
char *pw_shell; /* Shell program. */
};
-#endif
\ No newline at end of file
+#endif
diff --git a/common/inc/sys/epoll.h b/common/inc/sys/epoll.h
index 64e3ddb..c07830d 100644
--- a/common/inc/sys/epoll.h
+++ b/common/inc/sys/epoll.h
@@ -34,4 +34,4 @@ struct epoll_event
epoll_data_t data; /* User data variable */
} __EPOLL_PACKED;
-#endif
\ No newline at end of file
+#endif
diff --git a/common/inc/sys/sockaddr.h b/common/inc/sys/sockaddr.h
index 6be9dd2..94dc548 100644
--- a/common/inc/sys/sockaddr.h
+++ b/common/inc/sys/sockaddr.h
@@ -33,4 +33,4 @@ typedef unsigned short int sa_family_t;
/* Size of struct sockaddr_storage. */
#define _SS_SIZE 128
-#endif
\ No newline at end of file
+#endif
diff --git a/common/inc/sys/socket.h b/common/inc/sys/socket.h
index 889e361..fe19269 100644
--- a/common/inc/sys/socket.h
+++ b/common/inc/sys/socket.h
@@ -51,4 +51,4 @@ struct msghdr
int msg_flags; /* Flags on received message. */
};
-#endif
\ No newline at end of file
+#endif
diff --git a/common/inc/sys/uio.h b/common/inc/sys/uio.h
index 14440b6..00cd177 100644
--- a/common/inc/sys/uio.h
+++ b/common/inc/sys/uio.h
@@ -25,4 +25,4 @@ struct iovec
size_t iov_len; /* Length of data. */
};
-#endif
\ No newline at end of file
+#endif
diff --git a/dockerfile/Dockerfile.fedora27.nightly b/dockerfile/Dockerfile.fedora27.nightly
new file mode 100644
index 0000000..b5e1b8a
--- /dev/null
+++ b/dockerfile/Dockerfile.fedora27.nightly
@@ -0,0 +1,61 @@
+# BSD License
+#
+# Copyright (C) 2017-2019 Baidu, Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Baidu, Inc., nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+FROM fedora:27
+MAINTAINER Yu Ding
+
+ENV sdk_bin https://download.01.org/intel-sgx/latest/linux-latest/distro/fedora27-server/sgx_linux_x64_sdk_2.7.100.4.bin
+ENV psw_deb https://download.01.org/intel-sgx/latest/linux-latest/distro/fedora27-server/sgx_linux_x64_psw_2.7.100.4.bin
+ENV rust_toolchain nightly-2019-08-01
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN yum groupinstall -y 'C Development Tools and Libraries' && yum install -y yum openssl-devel libcurl-devel protobuf-devel cmake ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget python
+
+RUN mkdir /root/sgx && \
+ mkdir /etc/init && \
+ wget -O /root/sgx/psw.bin ${psw_deb} && \
+ wget -O /root/sgx/sdk.bin ${sdk_bin} && \
+ cd /root/sgx && \
+ chmod +x /root/sgx/psw.bin && \
+ /root/sgx/psw.bin || true && \
+ chmod +x /root/sgx/sdk.bin && \
+ echo -e 'no\n/opt' | /root/sgx/sdk.bin && \
+ echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \
+ rm -rf /root/sgx/*
+
+RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
+ chmod +x /root/rustup-init && \
+ echo '1' | /root/rustup-init --default-toolchain ${rust_toolchain} && \
+ echo 'source /root/.cargo/env' >> /root/.bashrc && \
+ /root/.cargo/bin/rustup component add rust-src rls rust-analysis clippy rustfmt && \
+ /root/.cargo/bin/cargo install xargo && \
+ rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git
+WORKDIR /root
diff --git a/edl/inc/dirent.h b/edl/inc/dirent.h
index ba3c2c3..41df069 100644
--- a/edl/inc/dirent.h
+++ b/edl/inc/dirent.h
@@ -47,4 +47,4 @@ struct dirent64_t
char d_name[256];
};
-#endif
\ No newline at end of file
+#endif
diff --git a/edl/inc/stat.h b/edl/inc/stat.h
index ac43761..c79beb4 100644
--- a/edl/inc/stat.h
+++ b/edl/inc/stat.h
@@ -51,7 +51,7 @@ struct stat_t
int64_t __reserved[3];
};
-struct stat64_t
+struct stat64_t
{
uint64_t st_dev;
uint64_t st_ino;
@@ -73,4 +73,4 @@ struct stat64_t
int64_t __reserved[3];
};
-#endif
\ No newline at end of file
+#endif
diff --git a/edl/sgx_asyncio.edl b/edl/sgx_asyncio.edl
index f0a483e..186e262 100644
--- a/edl/sgx_asyncio.edl
+++ b/edl/sgx_asyncio.edl
@@ -44,4 +44,4 @@ enclave {
int u_epoll_ctl_ocall([out] int *error, int epfd, int op, int fd, [in] struct epoll_event *event);
int u_epoll_wait_ocall([out] int *error, int epfd, [out, count=maxevents] struct epoll_event * events, int maxevents, int timeout);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_backtrace.edl b/edl/sgx_backtrace.edl
index 7f333d6..8cee9e7 100644
--- a/edl/sgx_backtrace.edl
+++ b/edl/sgx_backtrace.edl
@@ -28,7 +28,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-
+
enclave {
from "sgx_fd.edl" import *;
@@ -42,4 +42,4 @@ enclave {
untrusted {
/* define OCALLs here. */
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_env.edl b/edl/sgx_env.edl
index e537902..dcfad98 100644
--- a/edl/sgx_env.edl
+++ b/edl/sgx_env.edl
@@ -28,7 +28,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-
+
enclave {
include "pwd.h"
@@ -47,4 +47,4 @@ enclave {
int u_getpwuid_r_ocall(unsigned int uid, [out] struct passwd *pwd, [out, size=buflen] char *buf, size_t buflen, [out] struct passwd **passwd_result);
unsigned int u_getuid_ocall();
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_fd.edl b/edl/sgx_fd.edl
index fefe0b1..8eff661 100644
--- a/edl/sgx_fd.edl
+++ b/edl/sgx_fd.edl
@@ -56,6 +56,6 @@ enclave {
int u_ioctl_arg0_ocall([out] int *error, int fd, int request);
int u_ioctl_arg1_ocall([out] int *error, int fd, int request, [in, out] int *arg);
- int u_close_ocall([out] int *error, int fd);
+ int u_close_ocall([out] int *error, int fd);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_file.edl b/edl/sgx_file.edl
index 96528c0..8f89bde 100644
--- a/edl/sgx_file.edl
+++ b/edl/sgx_file.edl
@@ -64,7 +64,7 @@ enclave {
int u_chmod_ocall([out] int *error, [in, string] const char *path, uint32_t mode);
size_t u_readlink_ocall([out] int *error, [in, string] const char *path, [out, size=bufsz] char *buf, size_t bufsz);
int u_symlink_ocall([out] int *error, [in, string] const char *path1, [in, string] const char *path2);
- char * u_realpath_ocall([out] int *error, [in, string] const char *pathname);
+ char * u_realpath_ocall([out] int *error, [in, string] const char *pathname);
int u_mkdir_ocall([out] int *error, [in, string] const char *pathname, uint32_t mode);
int u_rmdir_ocall([out] int *error, [in, string] const char *pathname);
void * u_opendir_ocall([out] int *error, [in, string] const char *pathname);
@@ -73,4 +73,4 @@ enclave {
int u_dirfd_ocall([out] int *error, [user_check] void *dirp);
int u_fstatat64_ocall([out] int *error, int dirfd, [in, string] const char *pathname, [out] struct stat64_t *buf, int flags);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_fs.edl b/edl/sgx_fs.edl
index 0e52961..1455d96 100644
--- a/edl/sgx_fs.edl
+++ b/edl/sgx_fs.edl
@@ -42,4 +42,4 @@ enclave {
untrusted {
/* define OCALLs here. */
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_mem.edl b/edl/sgx_mem.edl
index a46f0fa..2e6c77c 100644
--- a/edl/sgx_mem.edl
+++ b/edl/sgx_mem.edl
@@ -28,7 +28,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-
+
enclave {
trusted {
@@ -45,4 +45,4 @@ enclave {
int u_msync_ocall([out] int *error, [user_check] void *addr, size_t length, int flags);
int u_mprotect_ocall([out] int *error, [user_check] void *addr, size_t length, int prot);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_net.edl b/edl/sgx_net.edl
index fd1a90f..d979bd1 100644
--- a/edl/sgx_net.edl
+++ b/edl/sgx_net.edl
@@ -48,4 +48,4 @@ enclave {
void u_freeaddrinfo_ocall([user_check] struct addrinfo *res);
char *u_gai_strerror_ocall(int errcode);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_net_switchless.edl b/edl/sgx_net_switchless.edl
index a149b40..618e9d7 100644
--- a/edl/sgx_net_switchless.edl
+++ b/edl/sgx_net_switchless.edl
@@ -36,7 +36,7 @@ enclave {
from "sgx_fs.edl" import *;
from "sgx_time.edl" import *;
from "sgx_mem.edl" import *;
-
+
trusted {
/* define ECALLs here. */
};
diff --git a/edl/sgx_pipe.edl b/edl/sgx_pipe.edl
index fcca6c1..797840c 100644
--- a/edl/sgx_pipe.edl
+++ b/edl/sgx_pipe.edl
@@ -40,6 +40,6 @@ enclave {
untrusted {
int u_pipe_ocall([out] int *error, [out, count=2] int *pipefd);
- int u_pipe2_ocall([out] int *error, [out, count=2] int *pipefd, int flags);
+ int u_pipe2_ocall([out] int *error, [out, count=2] int *pipefd, int flags);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_socket.edl b/edl/sgx_socket.edl
index 2e6ab0b..e82a235 100644
--- a/edl/sgx_socket.edl
+++ b/edl/sgx_socket.edl
@@ -103,4 +103,4 @@ enclave {
[out] socklen_t *addrlen_out);
int u_shutdown_ocall([out] int *error, int sockfd, int how);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_stdio.edl b/edl/sgx_stdio.edl
index 84a70f0..8d9c47c 100644
--- a/edl/sgx_stdio.edl
+++ b/edl/sgx_stdio.edl
@@ -28,11 +28,11 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-
+
enclave {
from "sgx_fd.edl" import *;
-
+
trusted {
/* define ECALLs here. */
};
@@ -40,4 +40,4 @@ enclave {
untrusted {
/* define OCALLs here. */
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_sys.edl b/edl/sgx_sys.edl
index d3b8032..f23e069 100644
--- a/edl/sgx_sys.edl
+++ b/edl/sgx_sys.edl
@@ -28,7 +28,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-
+
enclave {
trusted {
@@ -39,4 +39,4 @@ enclave {
long u_sysconf_ocall([out] int *error, int name);
int u_prctl_ocall([out] int *error, int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_thread.edl b/edl/sgx_thread.edl
index 98d1ced..24d825e 100644
--- a/edl/sgx_thread.edl
+++ b/edl/sgx_thread.edl
@@ -40,8 +40,8 @@ enclave {
untrusted {
int u_pthread_create_ocall([out]pthread_t *thread, [in]const pthread_attr_t *attr, [user_check]void *start_routine, [in, size=len]void *arg, int len);
int u_pthread_join_ocall(pthread_t thread, [out]void **result);
- int u_pthread_detach_ocall(pthread_t thread);
+ int u_pthread_detach_ocall(pthread_t thread);
int u_sched_yield_ocall([out]int *error);
int u_nanosleep_ocall([out]int *error, [in]const struct timespec *req, [out]struct timespec *rem);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_time.edl b/edl/sgx_time.edl
index 8f3c191..1b3b787 100644
--- a/edl/sgx_time.edl
+++ b/edl/sgx_time.edl
@@ -28,7 +28,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-
+
enclave {
include "time.h"
@@ -40,4 +40,4 @@ enclave {
untrusted {
int u_clock_gettime_ocall([out] int *error, int clk_id, [out] struct timespec *tp);
};
-};
\ No newline at end of file
+};
diff --git a/edl/sgx_tstd.edl b/edl/sgx_tstd.edl
index 96d5bb7..7137162 100644
--- a/edl/sgx_tstd.edl
+++ b/edl/sgx_tstd.edl
@@ -28,7 +28,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
-
+
enclave {
from "sgx_time.edl" import *;
@@ -46,4 +46,4 @@ enclave {
int u_thread_set_multiple_events_ocall([out]int *error, [in, count=total]const void ** tcss, int total);
int u_thread_setwait_events_ocall([out]int *error, [user_check]const void * waiter_tcs, [user_check]const void * self_tcs, [in]const struct timespec *timeout);
};
-};
\ No newline at end of file
+};
diff --git a/samplecode/localattestation/attestation/attestation.edl b/samplecode/localattestation/attestation/attestation.edl
index b950b0c..8cb145d 100644
--- a/samplecode/localattestation/attestation/attestation.edl
+++ b/samplecode/localattestation/attestation/attestation.edl
@@ -44,8 +44,8 @@ enclave {
};
untrusted{
- uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id);
- uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
+ uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1);
+ uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3);
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};
diff --git a/samplecode/prost-protobuf/Makefile b/samplecode/prost-protobuf/Makefile
new file mode 100644
index 0000000..819c6a2
--- /dev/null
+++ b/samplecode/prost-protobuf/Makefile
@@ -0,0 +1,175 @@
+# Copyright (C) 2017-2019 Baidu, Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Baidu, Inc., nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+
+######## SGX SDK Settings ########
+
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= HW
+SGX_ARCH ?= x64
+
+ifeq ($(shell getconf LONG_BIT), 32)
+ SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+ SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+ SGX_COMMON_CFLAGS := -m32
+ SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+ SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+ SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
+else
+ SGX_COMMON_CFLAGS := -m64
+ SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+ SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+ SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+ifeq ($(SGX_PRERELEASE), 1)
+$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
+endif
+endif
+
+
+ifeq ($(SGX_DEBUG), 1)
+ SGX_COMMON_CFLAGS += -O0 -g
+else
+ SGX_COMMON_CFLAGS += -O2
+endif
+
+######## CUSTOM Settings ########
+
+CUSTOM_LIBRARY_PATH := ./lib
+CUSTOM_BIN_PATH := ./bin
+CUSTOM_EDL_PATH := ../../edl
+CUSTOM_COMMON_PATH := ../../common
+
+######## EDL Settings ########
+
+Enclave_EDL_Files := enclave/Enclave_t.c enclave/Enclave_t.h app/Enclave_u.c app/Enclave_u.h
+
+######## APP Settings ########
+
+App_Rust_Flags := --release
+App_SRC_Files := $(shell find app/ -type f -name '*.rs') $(shell find app/ -type f -name 'Cargo.toml')
+App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include -I$(CUSTOM_EDL_PATH)
+App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
+
+App_Rust_Path := ./app/target/release
+App_Enclave_u_Object :=app/libEnclave_u.a
+App_Name := bin/app
+
+######## Enclave Settings ########
+
+ifneq ($(SGX_MODE), HW)
+ Trts_Library_Name := sgx_trts_sim
+ Service_Library_Name := sgx_tservice_sim
+else
+ Trts_Library_Name := sgx_trts
+ Service_Library_Name := sgx_tservice
+endif
+Crypto_Library_Name := sgx_tcrypto
+KeyExchange_Library_Name := sgx_tkey_exchange
+ProtectedFs_Library_Name := sgx_tprotected_fs
+
+RustEnclave_C_Files := $(wildcard ./enclave/*.c)
+RustEnclave_C_Objects := $(RustEnclave_C_Files:.c=.o)
+RustEnclave_Include_Paths := -I$(CUSTOM_COMMON_PATH)/inc -I$(CUSTOM_EDL_PATH) -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid -I ./enclave -I./include
+
+RustEnclave_Link_Libs := -L$(CUSTOM_LIBRARY_PATH) -lcompiler-rt-patch -lenclave
+RustEnclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(RustEnclave_Include_Paths)
+RustEnclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+ -Wl,--start-group -lsgx_tstdc -l$(Service_Library_Name) -l$(Crypto_Library_Name) $(RustEnclave_Link_Libs) -Wl,--end-group \
+ -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+ -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
+ -Wl,--defsym,__ImageBase=0 \
+ -Wl,--gc-sections \
+ -Wl,--version-script=enclave/Enclave.lds
+
+RustEnclave_Name := enclave/enclave.so
+Signed_RustEnclave_Name := bin/enclave.signed.so
+
+.PHONY: all
+all: $(App_Name) $(Signed_RustEnclave_Name)
+
+######## EDL Objects ########
+
+$(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl
+ $(SGX_EDGER8R) --trusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path ../../edl --trusted-dir enclave
+ $(SGX_EDGER8R) --untrusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path ../../edl --untrusted-dir app
+ @echo "GEN => $(Enclave_EDL_Files)"
+
+######## App Objects ########
+
+app/Enclave_u.o: $(Enclave_EDL_Files)
+ @$(CC) $(App_C_Flags) -c app/Enclave_u.c -o $@
+ @echo "CC <= $<"
+
+$(App_Enclave_u_Object): app/Enclave_u.o
+ $(AR) rcsD $@ $^
+ cp $(App_Enclave_u_Object) ./lib
+
+$(App_Name): $(App_Enclave_u_Object) $(App_SRC_Files)
+ @cd app && SGX_SDK=$(SGX_SDK) cargo build $(App_Rust_Flags)
+ @echo "Cargo => $@"
+ mkdir -p bin
+ cp $(App_Rust_Path)/app ./bin
+
+######## Enclave Objects ########
+
+enclave/Enclave_t.o: $(Enclave_EDL_Files)
+ @$(CC) $(RustEnclave_Compile_Flags) -c enclave/Enclave_t.c -o $@
+ @echo "CC <= $<"
+
+$(RustEnclave_Name): enclave compiler-rt enclave/Enclave_t.o
+ cp ../../compiler-rt/libcompiler-rt-patch.a ./lib
+ @$(CXX) enclave/Enclave_t.o -o $@ $(RustEnclave_Link_Flags)
+ @echo "LINK => $@"
+
+$(Signed_RustEnclave_Name): $(RustEnclave_Name)
+ mkdir -p bin
+ @$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave $(RustEnclave_Name) -out $@ -config enclave/Enclave.config.xml
+ @echo "SIGN => $@"
+
+.PHONY: enclave
+enclave:
+ $(MAKE) -C ./enclave/
+
+.PHONY: compiler-rt
+compiler-rt:
+ $(MAKE) -C ../../compiler-rt/ 2> /dev/null
+
+.PHONY: clean
+clean:
+ @rm -f $(App_Name) $(RustEnclave_Name) $(Signed_RustEnclave_Name) enclave/*_t.* app/*_u.* lib/*.a
+ @cd enclave && cargo clean && rm -f Cargo.lock
+ @cd app && cargo clean && rm -f Cargo.lock
+
diff --git a/samplecode/prost-protobuf/app/Cargo.toml b/samplecode/prost-protobuf/app/Cargo.toml
new file mode 100644
index 0000000..357ccb6
--- /dev/null
+++ b/samplecode/prost-protobuf/app/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "app"
+version = "1.0.0"
+authors = ["Baidu"]
+build = "build.rs"
+
+[dependencies]
+sgx_types = { rev = "v1.0.9", git = "https://github.com/baidu/rust-sgx-sdk.git" }
+sgx_urts = { rev = "v1.0.9", git = "https://github.com/baidu/rust-sgx-sdk.git" }
+dirs = "1.0.2"
+prost = "*"
+prost-types = "*"
+bytes = "*"
+
+[build-dependencies]
+prost-build = "*"
diff --git a/samplecode/prost-protobuf/app/src/main.rs b/samplecode/prost-protobuf/app/src/main.rs
new file mode 100644
index 0000000..eaaaa2c
--- /dev/null
+++ b/samplecode/prost-protobuf/app/src/main.rs
@@ -0,0 +1,168 @@
+// Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions
+// are met:
+//
+// * Redistributions of source code must retain the above copyright
+// notice, this list of conditions and the following disclaimer.
+// * Redistributions in binary form must reproduce the above copyright
+// notice, this list of conditions and the following disclaimer in
+// the documentation and/or other materials provided with the
+// distribution.
+// * Neither the name of Baidu, Inc., nor the names of its
+// contributors may be used to endorse or promote products derived
+// from this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+extern crate sgx_types;
+extern crate sgx_urts;
+extern crate dirs;
+extern crate prost;
+extern crate bytes;
+
+use sgx_types::*;
+use sgx_urts::SgxEnclave;
+
+use std::io::{Read, Write};
+use std::fs;
+use std::path;
+
+use prost::Message;
+
+static ENCLAVE_FILE: &'static str = "enclave.signed.so";
+static ENCLAVE_TOKEN: &'static str = "enclave.token";
+
+extern {
+ fn say_something(eid: sgx_enclave_id_t, retval: *mut sgx_status_t,
+ some_string: *const u8, len: usize) -> sgx_status_t;
+}
+
+mod person{
+ include!(concat!(env!("OUT_DIR"), "/person.rs"));
+}
+
+fn init_enclave() -> SgxResult<SgxEnclave> {
+
+ let mut launch_token: sgx_launch_token_t = [0; 1024];
+ let mut launch_token_updated: i32 = 0;
+ // Step 1: try to retrieve the launch token saved by last transaction
+ // if there is no token, then create a new one.
+ //
+ // try to get the token saved in $HOME */
+ let mut home_dir = path::PathBuf::new();
+ let use_token = match dirs::home_dir() {
+ Some(path) => {
+ println!("[+] Home dir is {}", path.display());
+ home_dir = path;
+ true
+ },
+ None => {
+ println!("[-] Cannot get home dir");
+ false
+ }
+ };
+
+ let token_file: path::PathBuf = home_dir.join(ENCLAVE_TOKEN);;
+ if use_token == true {
+ match fs::File::open(&token_file) {
+ Err(_) => {
+ println!("[-] Open token file {} error! Will create one.", token_file.as_path().to_str().unwrap());
+ },
+ Ok(mut f) => {
+ println!("[+] Open token file success! ");
+ match f.read(&mut launch_token) {
+ Ok(1024) => {
+ println!("[+] Token file valid!");
+ },
+ _ => println!("[+] Token file invalid, will create new token file"),
+ }
+ }
+ }
+ }
+
+ // Step 2: call sgx_create_enclave to initialize an enclave instance
+ // Debug Support: set 2nd parameter to 1
+ let debug = 1;
+ let mut misc_attr = sgx_misc_attribute_t {secs_attr: sgx_attributes_t { flags:0, xfrm:0}, misc_select:0};
+ let enclave = try!(SgxEnclave::create(ENCLAVE_FILE,
+ debug,
+ &mut launch_token,
+ &mut launch_token_updated,
+ &mut misc_attr));
+
+ // Step 3: save the launch token if it is updated
+ if use_token == true && launch_token_updated != 0 {
+ // reopen the file with write capablity
+ match fs::File::create(&token_file) {
+ Ok(mut f) => {
+ match f.write_all(&launch_token) {
+ Ok(()) => println!("[+] Saved updated launch token!"),
+ Err(_) => println!("[-] Failed to save updated launch token!"),
+ }
+ },
+ Err(_) => {
+ println!("[-] Failed to save updated enclave token, but doesn't matter");
+ },
+ }
+ }
+
+ Ok(enclave)
+}
+
+fn main() {
+
+ let enclave = match init_enclave() {
+ Ok(r) => {
+ println!("[+] Init Enclave Successful {}!", r.geteid());
+ r
+ },
+ Err(x) => {
+ println!("[-] Init Enclave Failed {}!", x.as_str());
+ return;
+ },
+ };
+
+ //let input_string = String::from("This is a normal world string passed into Enclave!\n");
+
+ let david: person::Person = person::Person {
+ name: "David".to_string(),
+ id: 0x12345678,
+ email: "david@foo.com".to_string()
+ };
+
+ let mut david_vec = Vec::new();
+ david.encode(&mut david_vec).unwrap();
+
+ let mut retval = sgx_status_t::SGX_SUCCESS;
+
+ let result = unsafe {
+ say_something(enclave.geteid(),
+ &mut retval,
+ david_vec.as_ptr() as * const u8,
+ david_vec.len())
+ };
+
+ match result {
+ sgx_status_t::SGX_SUCCESS => {},
+ _ => {
+ println!("[-] ECALL Enclave Failed {}!", result.as_str());
+ return;
+ }
+ }
+
+ println!("[+] say_something success...");
+
+ enclave.destroy();
+}
diff --git a/samplecode/prost-protobuf/bin/readme.txt b/samplecode/prost-protobuf/bin/readme.txt
new file mode 100644
index 0000000..7951405
--- /dev/null
+++ b/samplecode/prost-protobuf/bin/readme.txt
@@ -0,0 +1 @@
+lib
\ No newline at end of file
diff --git a/samplecode/prost-protobuf/enclave/Cargo.toml b/samplecode/prost-protobuf/enclave/Cargo.toml
new file mode 100644
index 0000000..ac13992
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/Cargo.toml
@@ -0,0 +1,23 @@
+[package]
+name = "Helloworldsampleenclave"
+version = "1.0.0"
+authors = ["Baidu"]
+
+[lib]
+name = "helloworldsampleenclave"
+crate-type = ["staticlib"]
+
+[features]
+default = []
+
+[dependencies]
+prost = { git = "https://github.com/mesalock-linux/prost-sgx" }
+bytes = { git = "https://github.com/mesalock-linux/bytes-sgx" }
+prost-types = { git = "https://github.com/mesalock-linux/prost-sgx" }
+
+[build-dependencies]
+prost-build = "*"
+
+[target.'cfg(not(target_env = "sgx"))'.dependencies]
+sgx_types = { rev = "v1.0.9", git = "https://github.com/baidu/rust-sgx-sdk.git" }
+sgx_tstd = { rev = "v1.0.9", git = "https://github.com/baidu/rust-sgx-sdk.git" }
diff --git a/samplecode/prost-protobuf/enclave/Enclave.config.xml b/samplecode/prost-protobuf/enclave/Enclave.config.xml
new file mode 100644
index 0000000..ee4c3f7
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/Enclave.config.xml
@@ -0,0 +1,12 @@
+<!-- Please refer to User's Guide for the explanation of each field -->
+<EnclaveConfiguration>
+ <ProdID>0</ProdID>
+ <ISVSVN>0</ISVSVN>
+ <StackMaxSize>0x40000</StackMaxSize>
+ <HeapMaxSize>0x100000</HeapMaxSize>
+ <TCSNum>1</TCSNum>
+ <TCSPolicy>1</TCSPolicy>
+ <DisableDebug>0</DisableDebug>
+ <MiscSelect>0</MiscSelect>
+ <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>
diff --git a/samplecode/prost-protobuf/enclave/Enclave.lds b/samplecode/prost-protobuf/enclave/Enclave.lds
new file mode 100644
index 0000000..e3d9d0e
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/Enclave.lds
@@ -0,0 +1,9 @@
+enclave.so
+{
+ global:
+ g_global_data_sim;
+ g_global_data;
+ enclave_entry;
+ local:
+ *;
+};
diff --git a/samplecode/prost-protobuf/enclave/Enclave_private.pem b/samplecode/prost-protobuf/enclave/Enclave_private.pem
new file mode 100644
index 0000000..529d07b
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/Enclave_private.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
+AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
+ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
+nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
+3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
+ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
+5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
+KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
+1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
+K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
+AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
+ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
+JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
+5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
+wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
+osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
+WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
+Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
+xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
+vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
+Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
+cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
+0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
+gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
+gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
+k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
+Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
+O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
+afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
+e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
+BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
+fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
+t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
+yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
+6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
+WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
+NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
+-----END RSA PRIVATE KEY-----
diff --git a/samplecode/prost-protobuf/enclave/Makefile b/samplecode/prost-protobuf/enclave/Makefile
new file mode 100644
index 0000000..198251b
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/Makefile
@@ -0,0 +1,44 @@
+# Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+# * Neither the name of Baidu, Inc., nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+Rust_Enclave_Name := libenclave.a
+Rust_Enclave_Files := $(wildcard src/*.rs)
+Rust_Target_Path := $(CURDIR)
+
+.PHONY: all
+
+all: $(Rust_Enclave_Name)
+
+$(Rust_Enclave_Name): $(Rust_Enclave_Files)
+ifeq ($(XARGO_SGX), 1)
+ RUST_TARGET_PATH=$(Rust_Target_Path) xargo build --target x86_64-unknown-linux-sgx --release
+ cp ./target/x86_64-unknown-linux-sgx/release/libhelloworldsampleenclave.a ../lib/libenclave.a
+else
+ cargo build --release
+ cp ./target/release/libhelloworldsampleenclave.a ../lib/libenclave.a
+endif
diff --git a/samplecode/prost-protobuf/enclave/Xargo.toml b/samplecode/prost-protobuf/enclave/Xargo.toml
new file mode 100644
index 0000000..c088ebb
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/Xargo.toml
@@ -0,0 +1,90 @@
+[dependencies]
+alloc = {}
+
+[dependencies.sgx_types]
+path = "../../../sgx_types"
+stage = 1
+
+[dependencies.sgx_demangle]
+path = "../../../sgx_demangle"
+stage = 1
+
+[dependencies.panic_abort]
+path = "../../../sgx_panic_abort"
+stage = 1
+
+[dependencies.sgx_libc]
+path = "../../../sgx_libc"
+stage = 2
+
+[dependencies.sgx_tkey_exchange]
+path = "../../../sgx_tkey_exchange"
+stage = 2
+
+[dependencies.sgx_tservice]
+path = "../../../sgx_tservice"
+stage = 2
+
+[dependencies.sgx_tse]
+path = "../../../sgx_tse"
+stage = 2
+
+[dependencies.sgx_tcrypto]
+path = "../../../sgx_tcrypto"
+stage = 2
+
+[dependencies.sgx_trts]
+path = "../../../sgx_trts"
+stage = 3
+
+[dependencies.sgx_backtrace_sys]
+path = "../../../sgx_backtrace_sys"
+stage = 3
+
+[dependencies.sgx_unwind]
+path = "../../../sgx_unwind"
+stage = 4
+
+[dependencies.sgx_tdh]
+path = "../../../sgx_tdh"
+stage = 4
+
+[dependencies.sgx_tseal]
+path = "../../../sgx_tseal"
+stage = 4
+
+[dependencies.sgx_tprotected_fs]
+path = "../../../sgx_tprotected_fs"
+stage = 4
+
+[dependencies.sgx_alloc]
+path = "../../../sgx_alloc"
+stage = 4
+
+[dependencies.panic_unwind]
+path = "../../../sgx_panic_unwind"
+stage = 5
+
+[dependencies.std]
+path = "../../../xargo/sgx_tstd"
+stage = 6
+
+[dependencies.sgx_rand]
+path = "../../../sgx_rand"
+stage = 7
+
+[dependencies.sgx_serialize]
+path = "../../../sgx_serialize"
+stage = 7
+
+[dependencies.sgx_tunittest]
+path = "../../../sgx_tunittest"
+stage = 7
+
+[dependencies.sgx_backtrace]
+path = "../../../sgx_backtrace"
+stage = 8
+
+[dependencies.sgx_cov]
+path = "../../../sgx_cov"
+stage = 8
diff --git a/samplecode/prost-protobuf/enclave/build.rs b/samplecode/prost-protobuf/enclave/build.rs
new file mode 100644
index 0000000..4685c45
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/build.rs
@@ -0,0 +1,9 @@
+use std::path::PathBuf;
+
+fn main () {
+ let src = PathBuf::from("..");
+ let includes = &[src.clone()];
+ let mut config = prost_build::Config::new();
+
+ config.compile_protos(&[src.join("person.proto")], includes).unwrap();
+}
diff --git a/edl/inc/dirent.h b/samplecode/prost-protobuf/enclave/src/lib.rs
similarity index 57%
copy from edl/inc/dirent.h
copy to samplecode/prost-protobuf/enclave/src/lib.rs
index ba3c2c3..41d5c15 100644
--- a/edl/inc/dirent.h
+++ b/samplecode/prost-protobuf/enclave/src/lib.rs
@@ -1,4 +1,4 @@
-// Copyright (C) 2017-2019 Baidu, Inc. All Rights Reserved.
+// Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved.
//
// Redistribution and use in source and binary forms, with or without
// modification, are permitted provided that the following conditions
@@ -26,25 +26,44 @@
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#ifndef _EDL_DIRENT_H
-#define _EDL_DIRENT_H
-
-struct dirent_t
-{
- uint64_t d_ino;
- int64_t d_off;
- unsigned short int d_reclen;
- unsigned char d_type;
- char d_name[256];
-};
-
-struct dirent64_t
-{
- uint64_t d_ino;
- int64_t d_off;
- unsigned short int d_reclen;
- unsigned char d_type;
- char d_name[256];
-};
-
-#endif
\ No newline at end of file
+#![crate_name = "helloworldsampleenclave"]
+#![crate_type = "staticlib"]
+
+#![cfg_attr(not(target_env = "sgx"), no_std)]
+#![cfg_attr(target_env = "sgx", feature(rustc_private))]
+
+extern crate sgx_types;
+#[cfg(not(target_env = "sgx"))]
+#[macro_use]
+extern crate sgx_tstd as std;
+
+use sgx_types::*;
+use std::slice;
+
+extern crate prost;
+extern crate prost_types;
+extern crate bytes;
+
+use prost::Message;
+use prost_types::Timestamp;
+
+mod person {
+ include!(concat!(env!("OUT_DIR"), "/person.rs"));
+}
+
+#[no_mangle]
+pub extern "C" fn say_something(some_string: *const u8, some_len: usize) -> sgx_status_t {
+ let person_slice = unsafe { slice::from_raw_parts(some_string, some_len) };
+
+ let the_one: person::Person = person::Person::decode(person_slice).unwrap();
+ println!("name: {}, id: 0x{:08X}, email at: {}",
+ the_one.name,
+ the_one.id,
+ the_one.email);
+ println!("{:?}", the_one);
+
+ let ts = Timestamp { seconds: 0x1234, nanos: 0x5678 };
+ println!("well known types ts = {:?}", ts);
+
+ sgx_status_t::SGX_SUCCESS
+}
diff --git a/samplecode/prost-protobuf/enclave/x86_64-unknown-linux-sgx.json b/samplecode/prost-protobuf/enclave/x86_64-unknown-linux-sgx.json
new file mode 100644
index 0000000..10d37a7
--- /dev/null
+++ b/samplecode/prost-protobuf/enclave/x86_64-unknown-linux-sgx.json
@@ -0,0 +1,31 @@
+{
+ "arch": "x86_64",
+ "cpu": "x86-64",
+ "data-layout": "e-m:e-i64:64-f80:128-n8:16:32:64-S128",
+ "dynamic-linking": true,
+ "env": "sgx",
+ "exe-allocation-crate": "alloc_system",
+ "executables": true,
+ "has-elf-tls": true,
+ "has-rpath": true,
+ "linker-flavor": "gcc",
+ "linker-is-gnu": true,
+ "llvm-target": "x86_64-unknown-linux-gnu",
+ "max-atomic-width": 64,
+ "os": "linux",
+ "position-independent-executables": true,
+ "pre-link-args": {
+ "gcc": [
+ "-Wl,--as-needed",
+ "-Wl,-z,noexecstack",
+ "-m64"
+ ]
+ },
+ "relro-level": "full",
+ "stack-probes": true,
+ "target-c-int-width": "32",
+ "target-endian": "little",
+ "target-family": "unix",
+ "target-pointer-width": "64",
+ "vendor": "mesalock"
+}
diff --git a/samplecode/prost-protobuf/lib/readme.txt b/samplecode/prost-protobuf/lib/readme.txt
new file mode 100644
index 0000000..7951405
--- /dev/null
+++ b/samplecode/prost-protobuf/lib/readme.txt
@@ -0,0 +1 @@
+lib
\ No newline at end of file
diff --git a/samplecode/prost-protobuf/person.proto b/samplecode/prost-protobuf/person.proto
new file mode 100644
index 0000000..5c7d2e5
--- /dev/null
+++ b/samplecode/prost-protobuf/person.proto
@@ -0,0 +1,8 @@
+syntax = "proto3";
+package person;
+
+message Person {
+ string name = 1;
+ int32 id = 2;
+ string email = 3;
+}
diff --git a/third_party/Readme.md b/third_party/Readme.md
index b1b93e1..f561198 100644
--- a/third_party/Readme.md
+++ b/third_party/Readme.md
@@ -1,5 +1,37 @@
-# Attention
+# The World of Forked crates
-Since all of the code samples depends on forked crate, we removed all of the old dependencies in this directory.
+We created a "super repo" at [dingelish/sgx-world](https://github.com/dingelish/sgx-world), which includes all the forked repos as git submodules.
-We'll provide a world map of the forked crates later.
+We created a "dumb crate" [dumb-all](https://github.com/dingelish/sgx-world/tree/master/dumb-all) to help us maintain the world of forked crates. Each dependency of dumb-all is a valid crate in Rust-SGX ecosystem. The enabled feature set is likely to be the universe of supported feature set. Exceptions exist in a couple of crates, where there are conflict features.
+
+Generally speaking, to use a forked crate, simply use the following statement:
+
+```toml
+wasmi = { git = "https://github.com/mesalock-linux/wasmi-sgx" }
+```
+
+No need to config the branch in most cases. Only a few of the forked crates use specific branches.
+
+## Tagging
+
+As of today, Oct 23 2019, cargo still has problem on git dependencies. The issue is [cargo #7497](https://github.com/rust-lang/cargo/issues/7497). It leads to a dependency hell if the Cargo.toml looks like:
+
+```toml
+foo = { git = "https://github.com/..." }
+foo = { git = "https://github.com/...", rev = "deadbeaf" }
+foo = { git = "https://github.com/...", tag = "deadbeaf" }
+```
+
+These three foos are all valid, but different from each other in compilation. Assume that crate `bar` depends on foo with the first one, and `haa` depends on foo with the second one, then the dependency tree is going to mess up. So this is the reason that almost all forked crates are tagged with `sgx_1.0.9` but the cross references are not using that tag.
+
+One potential fix is a tool to fix Cargo.lock and remove the redundant crates. I've done this successfully by manually dedup Cargo.lock according to the hash value instead of URI. Maybe we can automate this later"
+
+## The World Map
+
+Generated by `cargo deps` on dumb-all.
+
+
+
+## Security audit
+
+We use [`cargo-audit`](https://github.com/RustSec/cargo-audit) to automatically check for known vulnerabilities. And the pipeline has been added to CI which runs nightly. We'll update immediately once we find a security issue by `cargo-audit`. Thanks to @tarcieri for this fantastic tool!
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@mesatee.apache.org
For additional commands, e-mail: commits-help@mesatee.apache.org