From 3d8581a946eea56fa9dbbf46c27ee202888867cf Mon Sep 17 00:00:00 2001
From: Andras Slemmer
Date: Mon, 5 Jun 2017 19:21:47 +0100
Subject: [PATCH] Add noop-enclave
---
sgx-jvm/noop-enclave/CMakeLists.txt | 111 ++++++++++++++++++++++
sgx-jvm/noop-enclave/Makefile | 14 +++
sgx-jvm/noop-enclave/enclave.xml | 12 +++
sgx-jvm/noop-enclave/linkerscript.lds | 9 ++
sgx-jvm/noop-enclave/selfsigning.pem | 39 ++++++++
sgx-jvm/noop-enclave/src/empty.edl | 5 +
sgx-jvm/noop-enclave/src/noop_enclave.cpp | 3 +
7 files changed, 193 insertions(+)
create mode 100644 sgx-jvm/noop-enclave/CMakeLists.txt
create mode 100644 sgx-jvm/noop-enclave/Makefile
create mode 100644 sgx-jvm/noop-enclave/enclave.xml
create mode 100644 sgx-jvm/noop-enclave/linkerscript.lds
create mode 100644 sgx-jvm/noop-enclave/selfsigning.pem
create mode 100644 sgx-jvm/noop-enclave/src/empty.edl
create mode 100644 sgx-jvm/noop-enclave/src/noop_enclave.cpp
diff --git a/sgx-jvm/noop-enclave/CMakeLists.txt b/sgx-jvm/noop-enclave/CMakeLists.txt
new file mode 100644
index 0000000000..9fdbc3cb33
--- /dev/null
+++ b/sgx-jvm/noop-enclave/CMakeLists.txt
@@ -0,0 +1,111 @@
+cmake_minimum_required(VERSION 3.5)
+
+set(SGX_SDK ${CMAKE_CURRENT_SOURCE_DIR}/../linux-sgx)
+set(SGX_LIBRARY_PATH ${SGX_SDK}/build/linux)
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fvisibility=hidden -fpie -fstack-protector")
+set(SGX_SIGN_TOOL ${SGX_SDK}/build/linux/sgx_sign)
+set(ENCLAVE_UNSIGNED_OUTPUT_LIB noop_enclave.so)
+set(ENCLAVE_BLOB_TO_SIGN noop_enclave_blob_to_sign.bin)
+set(ENCLAVE_SIGNED_OUTPUT_LIB noop_enclave.signed.so)
+set(PRIVATE_KEY_NAME selfsigning.pem)
+set(PUBLIC_KEY_NAME selfsigning.public.pem)
+set(NOOP_ENCLAVE noop_enclave_objects)
+set(SGX_SDK_INCLUDE ${SGX_SDK}/common/inc)
+set(GENERATED_RPC_DIR ${CMAKE_CURRENT_BINARY_DIR}/rpc)
+set(ENCLAVE_SIGNATURE noop_enclave.signature.sha256)
+
+set(GENERATED_EDL_FILES ${GENERATED_RPC_DIR}/empty_t.c ${GENERATED_RPC_DIR}/empty_t.h ${GENERATED_RPC_DIR}/empty_u.c ${GENERATED_RPC_DIR}/empty_u.h)
+add_custom_command(
+ OUTPUT ${GENERATED_EDL_FILES}
+ COMMAND edger8r --search-path ${CMAKE_CURRENT_SOURCE_DIR}/src --search-path ${SGX_SDK_INCLUDE} --trusted-dir ${GENERATED_RPC_DIR} --untrusted-dir ${GENERATED_RPC_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/src/empty.edl
+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/src/empty.edl ${SGX_LIBRARY_PATH}/sgx_edger8r ${SGX_SDK_INCLUDE}
+)
+set_source_files_properties(${GENERATED_EDL_FILES} PROPERTIES GENERATED TRUE)
+add_custom_target(
+ GENERATED_EDL
+ DEPENDS ${GENERATED_EDL_FILES}
+)
+
+add_library(${NOOP_ENCLAVE} ${CMAKE_CURRENT_SOURCE_DIR}/src/noop_enclave.cpp ${GENERATED_RPC_DIR}/empty_t.c)
+add_dependencies(${NOOP_ENCLAVE} GENERATED_EDL)
+set_property(TARGET ${NOOP_ENCLAVE} PROPERTY POSITION_INDEPENDENT_CODE ON)
+target_include_directories(${NOOP_ENCLAVE} PUBLIC ${SGX_SDK_INCLUDE} ${SGX_SDK_INCLUDE}/tlibc ${GENERATED_RPC_DIR})
+target_compile_options(${NOOP_ENCLAVE} PUBLIC -nostdinc)
+
+add_executable(edger8r IMPORTED)
+set_target_properties(edger8r PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/sgx_edger8r)
+
+if(SGX_USE_HARDWARE)
+ set(TRTS_LIB "sgx_trts")
+ set(SGX_SERVICE_LIB "sgx_tservice")
+else()
+ set(TRTS_LIB "sgx_trts_sim")
+ set(SGX_SERVICE_LIB "sgx_tservice_sim")
+endif()
+
+set(ENCLAVE_LINKER_FLAGS
+ "-Wl,--no-undefined"
+ "-nostdlib"
+ "-nodefaultlibs"
+ "-nostartfiles"
+ "-L${SGX_LIBRARY_PATH}"
+ "-Wl,--whole-archive"
+ "-l${TRTS_LIB}"
+ "-Wl,--no-whole-archive"
+ "-Wl,--start-group"
+ "lib${NOOP_ENCLAVE}.a"
+ "-lsgx_tstdc"
+ "-lsgx_tstdcxx"
+ "-lsgx_tcrypto"
+ "-l${SGX_SERVICE_LIB}"
+ "-Wl,--end-group"
+ "-Wl,-Bstatic"
+ "-Wl,-Bsymbolic"
+ "-Wl,--no-undefined"
+ "-Wl,-pie,-eenclave_entry"
+ "-Wl,--export-dynamic"
+ "-Wl,--defsym,__ImageBase=0"
+ "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/linkerscript.lds"
+)
+
+add_custom_command(
+ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB}
+ COMMAND ${CMAKE_CXX_COMPILER} -o ${ENCLAVE_UNSIGNED_OUTPUT_LIB} ${ENCLAVE_LINKER_FLAGS}
+ DEPENDS ${NOOP_ENCLAVE} ${SGX_LIBRARY_PATH}
+)
+
+add_executable(sgx_sign IMPORTED)
+set_target_properties(sgx_sign PROPERTIES IMPORTED_LOCATION ${SGX_SIGN_TOOL})
+
+# add_custom_command(
+# OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB}
+# COMMAND sgx_sign sign -key ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} -enclave ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB} -config ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml
+# DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml
+# )
+
+add_custom_command(
+ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
+ COMMAND sgx_sign gendata -enclave ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} -config ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml
+ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB}
+)
+
+# TODO: replace with getting the pubkey from HSM
+add_custom_command(
+ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME}
+ COMMAND openssl rsa -in ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} -pubout -out ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME}
+)
+
+# TODO: replace with signing on HSM
+add_custom_command(
+ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE}
+ COMMAND openssl dgst -sha256 -sign ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE} ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
+ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
+)
+
+add_custom_command(
+ OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB}
+ COMMAND sgx_sign catsig -enclave ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} -key ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME} -sig ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE} -unsigned ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} -config ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB}
+ DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE} ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME}
+)
+
+add_custom_target(noop-enclave ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB})
diff --git a/sgx-jvm/noop-enclave/Makefile b/sgx-jvm/noop-enclave/Makefile
new file mode 100644
index 0000000000..2dd0ed89ec
--- /dev/null
+++ b/sgx-jvm/noop-enclave/Makefile
@@ -0,0 +1,14 @@
+.PHONY: all
+all: build/noop-enclave.so
+
+build:
+ mkdir -p build
+
+build/Makefile: | build
+ cd build/ && cmake ..
+
+build/noop-enclave.so: build/Makefile
+ $(MAKE) -C $( + 0 + 0 + 0x280000 + 0xFF00000 + 1 + 10 + 1 + 0 + 0 + 0xFFFFFFFF +
diff --git a/sgx-jvm/noop-enclave/linkerscript.lds b/sgx-jvm/noop-enclave/linkerscript.lds
new file mode 100644
index 0000000000..829e2929e9
--- /dev/null
+++ b/sgx-jvm/noop-enclave/linkerscript.lds
@@ -0,0 +1,9 @@
+noop_enclave.so
+{
+ global:
+ g_global_data_sim;
+ g_global_data;
+ enclave_entry;
+ local:
+ *;
+};
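Review bot: The hardening flags appended to `CMAKE_CXX_FLAGS` on line 5 of the new CMakeLists.txt (`-fvisibility=hidden -fpie -fstack-protector`) reach only C++ sources, but the `${NOOP_ENCLAVE}` library also compiles the generated trusted bridge `${GENERATED_RPC_DIR}/empty_t.c` as C, so that file is built without them. Attaching them to the target covers both languages and avoids mutating a global variable: `target_compile_options(${NOOP_ENCLAVE} PRIVATE -fvisibility=hidden -fpie -fstack-protector)`. Separately, the `openssl rsa ... -pubout` command declares no `DEPENDS`, so once `selfsigning.public.pem` exists it is never regenerated when the signing key changes and the `catsig` step would receive a stale public key; adding `DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME}` to that command fixes it.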
diff --git a/sgx-jvm/noop-enclave/selfsigning.pem b/sgx-jvm/noop-enclave/selfsigning.pem
new file mode 100644
index 0000000000..976edc7d8f
--- /dev/null
+++ b/sgx-jvm/noop-enclave/selfsigning.pem
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEA0WN8oK1vGpJDTt81rc5csT5umw1rIkiymw8c9v5J1Yn+tXNd +GuaAqKj/xlbOtO4GjCvhOTsZnI0kklchrb4qYVs4SrLRecHjrwdACnwhgF/mkuMa +D9eOhNwgoVQTOsuLF7lHdUEN429Q9ER81S3wuEpOlQgU81Qiyi3UHVpmvxqoelzB +6ubDYWxCBGKpyGNflxcWE7Uic4Kp6S3b4gblRjmnuRipTV6aHh4vlKR69gNhGZst +LO5L/bqMb+kGKTbR537ouq0R8nfkhUGroP62UPkg7Uq0BktAMdo1pAJlKC2Rnzyq +kc3+05KWl+NSpEXN23BfPEL/Bx3AQ1lu0KlAuLTtT4zBkWqnAbo4UiP6/v+/o5L9 +RFu7oSQODTIrnfed7ojOll9SBxaG8jlXKx/o/ePoYfyDegzFyX1MkMY0fUrg8Li3 +CCzcDfPExl4r1gYEpVjACBBO8mBOsK3KSO6THm92bA7/alAEg7a5pTn/8NYwI6xH +dLlGizJ6idIYWervAgEDAoIBgQCLl6hrHkoRtteJ6iPJND3LfvRnXkdsMHcSChNP +VDE5BqnOTOi8masbG1Uu5InN9ARdcpYmJ2ZoXhhhj2vJKXGWPNAxzIumgUJ0r4AG +/Wuq6pm3QhFf5Qmt6BXA4rd8h7IP0NpOK16Xn4tNgv3jc/XQMYm4sA33jWyGyTgT +kZnUvHBRkyvx7yzrnYFYQcaFl5UPZLlieMGiVxvwyT1BWe4u0Rp7ZcYzlGa+vspj +GFH5V5YREh4d9DKpJwhKm1lwzzVlnIjerY9e7hIlM5R54R4lWb+C4+LF/mwHL8eU +Kp5EWno6+Hlr2TAnqLmZTunOG2uqfmJTvcP7G3KBTKd4WCk5IXYsJkIJBIzadp1F +mgzTTHe65nspGKaLQZpdyzecR/JWRjgu/Z9oDkDCUThHBu80Qr3dM+/R9OdanP4S +G3d3EjZKN6L151YOH/G5B1PiraX2f9BzZ9loP4OKvf103FCgg0z9sCb0j7n+g53l +xdy8eJ06WiSaV679lTp9AO4ErlsCgcEA6izSkT/2N2KPTqyEfEka7MHLtwp80Q4M +aK7OVR92bj70OSbtkwi5SunjBgoloAJhw3INq9c2Coz9/HJduviGVNBZWTOavOPf +NXtBIAPwDwyyxdli5zQP/s+M0Zu+LML3chMSIwDJHRtY3iE6ycIhW1KBqF2VoIVJ +jjRzw/t+wZqAE6Jmv/jZpyZ+pJuOUkPumELKfzpQzXuzJ+pMBCSH0DgI3LIu3ZLB +jD5wNKHvgBRX7Qtw92fKG/wQKhUDK8gFAoHBAOTnSNtoxKywOf7HyG3j7iwwtfHq +Yww/kb5ju/CjAVNm5g2hBtz/fU0rnSvizk8aSphAvhLPIwPnloT0FeEsfI4yYrQf +w8b/9ISNC0m497MAWUVf4Z+CsdFyGa7lmgbIuvsMaCziGc3lzPCeR/bTYNQtSe3R +Bh6YITNdW7GhgokVD23C29dZAVGdW4w3n6+9nRtWPNu6OAiFVjimghV/kl1yehLU +lh3lq/my3JfvRVYM7F8Zn5XN9fLWkqQ7sCcdYwKBwQCcHeG2KqQk7F+JyFhS22dI +gTJ6Bv3gtAhFyd7jak70KfgmGfO3WyYx8UIEBsPAAZaCTAkdOiQHCKlS9uknUFmN +4DuQzRHTQpTOUitqrUq0syHZO5dEzV//NQiLvSlzLKT2t2FsqzC+Ejs+wNHb1sDn +jFZwPmPAWNu0IvfX/P8rvFVibER/+zvExFRtvQmMLUm61zGqJuCI/SIanDKtba/g +JVs9zB8+YdZdfvV4a/UADY/zXPX6RTFn/WAcDgIdMAMCgcEAmJowkkXYcyAmqdqF 
+npf0HXXOoUbsstUL1EJ9SxdWN5nus8CvPf+o3h0Tcpc0NLwxutXUDIoXV++5rfgO +lh2oXsxBzWqChKqjAwiyMSX6d1WQ2OqWalchNkwRH0O8BIXR/LLwHewRM+6IoGmF +TzeV4sjb8+CuvxAWIj49IRZXBg4KSSySj5Cri749CCUVH9O+Ejl959F6sFjkJcRW +uP+26Pb8DI25aUPH+8yTD/TY5AidlLu/uTP5TI8MbX0gGhOXAoHAB0s/g7QLEiuf +KsbqhnH+6VWgjAMrlBI84lRM53UeM7YA2ww9np7lMMqGfHQPfWKKwMb3sTjRP5m0 +BWUpmP4Rivswhj1or8+7X7G2R4IYI34PjTMDlmsrihj4mVfpsi8eDhLEvBKDo+Nl +W/PImwd8eJtQLGw+dlFjnKbNFAUz42vcvDpK5jz1pfoXITzVvZNCoDFE7SUlzlJe +5dm68k56jbnvHP7gU+fCnxHlBbscWOE5HA17lA5tpJ1JUDrVea/4 +-----END RSA PRIVATE KEY-----
diff --git a/sgx-jvm/noop-enclave/src/empty.edl b/sgx-jvm/noop-enclave/src/empty.edl
new file mode 100644
index 0000000000..1cd0ca9792
--- /dev/null
+++ b/sgx-jvm/noop-enclave/src/empty.edl
@@ -0,0 +1,5 @@
+enclave {
+ trusted {
+ public void noop();
+ };
+};
diff --git a/sgx-jvm/noop-enclave/src/noop_enclave.cpp b/sgx-jvm/noop-enclave/src/noop_enclave.cpp
new file mode 100644
index 0000000000..ce14971beb
--- /dev/null
+++ b/sgx-jvm/noop-enclave/src/noop_enclave.cpp
@@ -0,0 +1,3 @@
+extern "C" {
+ void noop() {}
+}
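Review bot: The enclave signing key is committed in the clear as `selfsigning.pem`, so the signer identity (MRSIGNER) of anything built with it can be reproduced by anyone who can read the repository, and no attestation or sealing policy should ever trust that signer. The TODO comments in CMakeLists.txt already point at HSM signing, but nothing in this commit marks the key as development-only or keeps a release build from picking it up, since the key path is fixed to the source tree through `PRIVATE_KEY_NAME`. I would take the key path from a cache variable so a real key can be supplied from outside the tree, for example `set(NOOP_ENCLAVE_SIGNING_KEY "${CMAKE_CURRENT_SOURCE_DIR}/selfsigning.pem" CACHE FILEPATH "Enclave signing key (development only)")` (the variable name is a suggestion), and add a short README or comment next to the key stating that it is a throwaway test key. Whether any verifier in the wider project pins this signer cannot be seen from this patch and is worth checking.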