Add noop-enclave

sgx-jvm/noop-enclave/CMakeLists.txt

@@ -0,0 +1,111 @@
+cmake_minimum_required(VERSION 3.5)
+
+set(SGX_SDK ${CMAKE_CURRENT_SOURCE_DIR}/../linux-sgx)
+set(SGX_LIBRARY_PATH ${SGX_SDK}/build/linux)
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fvisibility=hidden -fpie -fstack-protector")
+set(SGX_SIGN_TOOL ${SGX_SDK}/build/linux/sgx_sign)
+set(ENCLAVE_UNSIGNED_OUTPUT_LIB noop_enclave.so)
+set(ENCLAVE_BLOB_TO_SIGN noop_enclave_blob_to_sign.bin)
+set(ENCLAVE_SIGNED_OUTPUT_LIB noop_enclave.signed.so)
+set(PRIVATE_KEY_NAME selfsigning.pem)
+set(PUBLIC_KEY_NAME selfsigning.public.pem)
+set(NOOP_ENCLAVE noop_enclave_objects)
+set(SGX_SDK_INCLUDE ${SGX_SDK}/common/inc)
+set(GENERATED_RPC_DIR ${CMAKE_CURRENT_BINARY_DIR}/rpc)
+set(ENCLAVE_SIGNATURE noop_enclave.signature.sha256)
+
+set(GENERATED_EDL_FILES ${GENERATED_RPC_DIR}/empty_t.c ${GENERATED_RPC_DIR}/empty_t.h ${GENERATED_RPC_DIR}/empty_u.c ${GENERATED_RPC_DIR}/empty_u.h)
+add_custom_command(
+    OUTPUT ${GENERATED_EDL_FILES}
+    COMMAND edger8r --search-path ${CMAKE_CURRENT_SOURCE_DIR}/src --search-path ${SGX_SDK_INCLUDE} --trusted-dir ${GENERATED_RPC_DIR} --untrusted-dir ${GENERATED_RPC_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/src/empty.edl
+    DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/src/empty.edl ${SGX_LIBRARY_PATH}/sgx_edger8r ${SGX_SDK_INCLUDE}
+)
+set_source_files_properties(${GENERATED_EDL_FILES} PROPERTIES GENERATED TRUE)
+add_custom_target(
+    GENERATED_EDL
+    DEPENDS ${GENERATED_EDL_FILES}
+)
+
+add_library(${NOOP_ENCLAVE} ${CMAKE_CURRENT_SOURCE_DIR}/src/noop_enclave.cpp ${GENERATED_RPC_DIR}/empty_t.c)
+add_dependencies(${NOOP_ENCLAVE} GENERATED_EDL)
+set_property(TARGET ${NOOP_ENCLAVE} PROPERTY POSITION_INDEPENDENT_CODE ON)
+target_include_directories(${NOOP_ENCLAVE} PUBLIC ${SGX_SDK_INCLUDE} ${SGX_SDK_INCLUDE}/tlibc ${GENERATED_RPC_DIR})
+target_compile_options(${NOOP_ENCLAVE} PUBLIC -nostdinc)
+
+add_executable(edger8r IMPORTED)
+set_target_properties(edger8r PROPERTIES IMPORTED_LOCATION ${SGX_LIBRARY_PATH}/sgx_edger8r)
+
+if(SGX_USE_HARDWARE)
+    set(TRTS_LIB "sgx_trts")
+    set(SGX_SERVICE_LIB "sgx_tservice")
+else()
+    set(TRTS_LIB "sgx_trts_sim")
+    set(SGX_SERVICE_LIB "sgx_tservice_sim")
+endif()
+
+set(ENCLAVE_LINKER_FLAGS
+        "-Wl,--no-undefined"
+        "-nostdlib"
+        "-nodefaultlibs"
+        "-nostartfiles"
+        "-L${SGX_LIBRARY_PATH}"
+        "-Wl,--whole-archive"
+            "-l${TRTS_LIB}"
+        "-Wl,--no-whole-archive"
+        "-Wl,--start-group"
+            "lib${NOOP_ENCLAVE}.a"
+            "-lsgx_tstdc"
+            "-lsgx_tstdcxx"
+            "-lsgx_tcrypto"
+            "-l${SGX_SERVICE_LIB}"
+        "-Wl,--end-group"
+        "-Wl,-Bstatic"
+        "-Wl,-Bsymbolic"
+        "-Wl,--no-undefined"
+        "-Wl,-pie,-eenclave_entry"
+        "-Wl,--export-dynamic"
+        "-Wl,--defsym,__ImageBase=0"
+        "-Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/linkerscript.lds"
+)
+
+add_custom_command(
+    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB}
+    COMMAND ${CMAKE_CXX_COMPILER} -o ${ENCLAVE_UNSIGNED_OUTPUT_LIB} ${ENCLAVE_LINKER_FLAGS}
+    DEPENDS ${NOOP_ENCLAVE} ${SGX_LIBRARY_PATH}
+)
+
+add_executable(sgx_sign IMPORTED)
+set_target_properties(sgx_sign PROPERTIES IMPORTED_LOCATION ${SGX_SIGN_TOOL})
+
+# add_custom_command(
+#     OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB}
+#     COMMAND sgx_sign sign -key ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} -enclave ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB} -config ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml
+#     DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml
+# )
+
+add_custom_command(
+    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
+    COMMAND sgx_sign gendata -enclave ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} -config ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml
+    DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB}
+)
+
+# TODO: replace with getting the pubkey from HSM
+add_custom_command(
+    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME}
+    COMMAND openssl rsa -in ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} -pubout -out ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME}
+)
+
+# TODO: replace with signing on HSM
+add_custom_command(
+    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE}
+    COMMAND openssl dgst -sha256 -sign ${CMAKE_CURRENT_SOURCE_DIR}/${PRIVATE_KEY_NAME} -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE} ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
+    DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN}
+)
+
+add_custom_command(
+    OUTPUT ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB}
+    COMMAND sgx_sign catsig -enclave ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_UNSIGNED_OUTPUT_LIB} -key ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME} -sig ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE} -unsigned ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_BLOB_TO_SIGN} -config ${CMAKE_CURRENT_SOURCE_DIR}/enclave.xml -out ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB}
+    DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNATURE} ${CMAKE_CURRENT_BINARY_DIR}/${PUBLIC_KEY_NAME}
+)
+
+add_custom_target(noop-enclave ALL DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/${ENCLAVE_SIGNED_OUTPUT_LIB})

sgx-jvm/noop-enclave/Makefile

@@ -0,0 +1,14 @@
+.PHONY: all
+all: build/noop-enclave.so
+
+build:
+	mkdir -p build
+
+build/Makefile: | build
+	cd build/ && cmake ..
+
+build/noop-enclave.so: build/Makefile
+	$(MAKE) -C $(<D) VERBOSE=1
+
+clean:
+	rm -rf build

sgx-jvm/noop-enclave/enclave.xml

@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+    <ProdID>0</ProdID>
+    <ISVSVN>0</ISVSVN>
+    <StackMaxSize>0x280000</StackMaxSize>
+    <HeapMaxSize>0xFF00000</HeapMaxSize>
+    <HeapExecutable>1</HeapExecutable>
+    <TCSNum>10</TCSNum>
+    <TCSPolicy>1</TCSPolicy>
+    <DisableDebug>0</DisableDebug>
+    <MiscSelect>0</MiscSelect>
+    <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

sgx-jvm/noop-enclave/linkerscript.lds

@@ -0,0 +1,9 @@
+noop_enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+    local:
+        *;
+};

sgx-jvm/noop-enclave/selfsigning.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEA0WN8oK1vGpJDTt81rc5csT5umw1rIkiymw8c9v5J1Yn+tXNd
+GuaAqKj/xlbOtO4GjCvhOTsZnI0kklchrb4qYVs4SrLRecHjrwdACnwhgF/mkuMa
+D9eOhNwgoVQTOsuLF7lHdUEN429Q9ER81S3wuEpOlQgU81Qiyi3UHVpmvxqoelzB
+6ubDYWxCBGKpyGNflxcWE7Uic4Kp6S3b4gblRjmnuRipTV6aHh4vlKR69gNhGZst
+LO5L/bqMb+kGKTbR537ouq0R8nfkhUGroP62UPkg7Uq0BktAMdo1pAJlKC2Rnzyq
+kc3+05KWl+NSpEXN23BfPEL/Bx3AQ1lu0KlAuLTtT4zBkWqnAbo4UiP6/v+/o5L9
+RFu7oSQODTIrnfed7ojOll9SBxaG8jlXKx/o/ePoYfyDegzFyX1MkMY0fUrg8Li3
+CCzcDfPExl4r1gYEpVjACBBO8mBOsK3KSO6THm92bA7/alAEg7a5pTn/8NYwI6xH
+dLlGizJ6idIYWervAgEDAoIBgQCLl6hrHkoRtteJ6iPJND3LfvRnXkdsMHcSChNP
+VDE5BqnOTOi8masbG1Uu5InN9ARdcpYmJ2ZoXhhhj2vJKXGWPNAxzIumgUJ0r4AG
+/Wuq6pm3QhFf5Qmt6BXA4rd8h7IP0NpOK16Xn4tNgv3jc/XQMYm4sA33jWyGyTgT
+kZnUvHBRkyvx7yzrnYFYQcaFl5UPZLlieMGiVxvwyT1BWe4u0Rp7ZcYzlGa+vspj
+GFH5V5YREh4d9DKpJwhKm1lwzzVlnIjerY9e7hIlM5R54R4lWb+C4+LF/mwHL8eU
+Kp5EWno6+Hlr2TAnqLmZTunOG2uqfmJTvcP7G3KBTKd4WCk5IXYsJkIJBIzadp1F
+mgzTTHe65nspGKaLQZpdyzecR/JWRjgu/Z9oDkDCUThHBu80Qr3dM+/R9OdanP4S
+G3d3EjZKN6L151YOH/G5B1PiraX2f9BzZ9loP4OKvf103FCgg0z9sCb0j7n+g53l
+xdy8eJ06WiSaV679lTp9AO4ErlsCgcEA6izSkT/2N2KPTqyEfEka7MHLtwp80Q4M
+aK7OVR92bj70OSbtkwi5SunjBgoloAJhw3INq9c2Coz9/HJduviGVNBZWTOavOPf
+NXtBIAPwDwyyxdli5zQP/s+M0Zu+LML3chMSIwDJHRtY3iE6ycIhW1KBqF2VoIVJ
+jjRzw/t+wZqAE6Jmv/jZpyZ+pJuOUkPumELKfzpQzXuzJ+pMBCSH0DgI3LIu3ZLB
+jD5wNKHvgBRX7Qtw92fKG/wQKhUDK8gFAoHBAOTnSNtoxKywOf7HyG3j7iwwtfHq
+Yww/kb5ju/CjAVNm5g2hBtz/fU0rnSvizk8aSphAvhLPIwPnloT0FeEsfI4yYrQf
+w8b/9ISNC0m497MAWUVf4Z+CsdFyGa7lmgbIuvsMaCziGc3lzPCeR/bTYNQtSe3R
+Bh6YITNdW7GhgokVD23C29dZAVGdW4w3n6+9nRtWPNu6OAiFVjimghV/kl1yehLU
+lh3lq/my3JfvRVYM7F8Zn5XN9fLWkqQ7sCcdYwKBwQCcHeG2KqQk7F+JyFhS22dI
+gTJ6Bv3gtAhFyd7jak70KfgmGfO3WyYx8UIEBsPAAZaCTAkdOiQHCKlS9uknUFmN
+4DuQzRHTQpTOUitqrUq0syHZO5dEzV//NQiLvSlzLKT2t2FsqzC+Ejs+wNHb1sDn
+jFZwPmPAWNu0IvfX/P8rvFVibER/+zvExFRtvQmMLUm61zGqJuCI/SIanDKtba/g
+JVs9zB8+YdZdfvV4a/UADY/zXPX6RTFn/WAcDgIdMAMCgcEAmJowkkXYcyAmqdqF
+npf0HXXOoUbsstUL1EJ9SxdWN5nus8CvPf+o3h0Tcpc0NLwxutXUDIoXV++5rfgO
+lh2oXsxBzWqChKqjAwiyMSX6d1WQ2OqWalchNkwRH0O8BIXR/LLwHewRM+6IoGmF
+TzeV4sjb8+CuvxAWIj49IRZXBg4KSSySj5Cri749CCUVH9O+Ejl959F6sFjkJcRW
+uP+26Pb8DI25aUPH+8yTD/TY5AidlLu/uTP5TI8MbX0gGhOXAoHAB0s/g7QLEiuf
+KsbqhnH+6VWgjAMrlBI84lRM53UeM7YA2ww9np7lMMqGfHQPfWKKwMb3sTjRP5m0
+BWUpmP4Rivswhj1or8+7X7G2R4IYI34PjTMDlmsrihj4mVfpsi8eDhLEvBKDo+Nl
+W/PImwd8eJtQLGw+dlFjnKbNFAUz42vcvDpK5jz1pfoXITzVvZNCoDFE7SUlzlJe
+5dm68k56jbnvHP7gU+fCnxHlBbscWOE5HA17lA5tpJ1JUDrVea/4
+-----END RSA PRIVATE KEY-----

sgx-jvm/noop-enclave/src/empty.edl

@@ -0,0 +1,5 @@
+enclave {
+    trusted {
+        public void noop();
+    };
+};

sgx-jvm/noop-enclave/src/noop_enclave.cpp

@@ -0,0 +1,3 @@
+extern "C" {
+    void noop() {}
+}