ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2025-06-20 08:03:53 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Initial release of Intel SGX for Linux.

Browse Source 
This release is used in conjunction with the linux-sgx-driver Intial release:
https://github.com/01org/linux-sgx-driver
commit-id: 0e865ce5e6b297a787bcdc12d98bada8174be6d7

Intel-id: 33399

Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
This commit is contained in:
Angie Chinchilla
2016-06-23 18:51:53 -04:00
parent ba82cfcbb0
commit 9441de4c38
2767 changed files with 820699 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

219
SampleCode/LocalAttestation/.cproject Normal file
View File

@ -0,0 +1,219 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="SGX Debug Sim Mode" parent="com.intel.sgx.configuration.Sim.Debug">
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.292452237" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.1618485184" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1039454044" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.1591862020" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
<tool id="com.intel.sgx.compiler.1853780321" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1427419865" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.1817588305" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="SGX Debug HW Mode" parent="com.intel.sgx.configuration.HW.Debug">
<folderInfo id="com.intel.sgx.configuration.HW.Debug.971320034" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Debug.1761600540" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.131147161" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.1502087524" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
<tool id="com.intel.sgx.compiler.1085280084" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.57165741" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.79844751" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="SGX Release Sim Mode" parent="com.intel.sgx.configuration.Sim.Release">
<folderInfo id="com.intel.sgx.configuration.Sim.Release.151408355" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Release.1055083183" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.471419902" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1151273037" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
<tool id="com.intel.sgx.compiler.1302347316" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1645761127" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.640775034" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="SGX Pre-release Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="SGX Pre-release Release HW Mode" parent="com.intel.sgx.configuration.HW.Prerelease">
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.1418650208" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.1668578385" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Prerelease">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.977258758" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.1888300852" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
<tool id="com.intel.sgx.compiler.2113538546" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.904888562" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.283498732" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="SGX Release HW Mode" parent="com.intel.sgx.configuration.HW.Release">
<folderInfo id="com.intel.sgx.configuration.HW.Release.1657582763" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Release.465410401" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.828352216" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.714105790" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
<tool id="com.intel.sgx.compiler.595797282" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1385078253" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.463677873" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="SimpleEnclave.null.1312290154" name="SimpleEnclave"/>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="refreshScope" versionNumber="2">
<configuration configurationName="SGX Debug HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Debug Sim Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Debug">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Release">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Release HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.680828348;cdt.managedbuild.config.gnu.exe.release.680828348.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2137539087;cdt.managedbuild.tool.gnu.c.compiler.input.762444756">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.SGXtoolChain.977521771;com.intel.sgx.SGXtoolChain.977521771.100429378;com.intel.sgx.compiler.787445976;com.intel.sgx.inputType.1814458059">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.151408355;com.intel.sgx.compiler.1302347316;com.intel.sgx.inputType.640775034">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1377487595;cdt.managedbuild.config.gnu.exe.debug.1377487595.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1972419354;cdt.managedbuild.tool.gnu.c.compiler.input.1480710981">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1657582763;com.intel.sgx.compiler.595797282;com.intel.sgx.inputType.463677873">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.292452237;com.intel.sgx.compiler.1853780321;com.intel.sgx.inputType.1817588305">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.971320034;com.intel.sgx.compiler.1085280084;com.intel.sgx.inputType.79844751">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.1418650208;com.intel.sgx.compiler.2113538546;com.intel.sgx.inputType.283498732">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
</cproject>

28
SampleCode/LocalAttestation/.project Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>SimpleEnclave</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>com.intel.sgx.sgxnature</nature>
</natures>
</projectDescription>

446
SampleCode/LocalAttestation/App/App.cpp Normal file
View File

@ -0,0 +1,446 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// App.cpp : Defines the entry point for the console application.
#include <stdio.h>
#include <map>
#include "../Enclave1/Enclave1_u.h"
#include "../Enclave2/Enclave2_u.h"
#include "../Enclave3/Enclave3_u.h"
#include "sgx_eid.h"
#include "sgx_urts.h"
#define UNUSED(val) (void)(val)
#define TCHAR char
#define _TCHAR char
#define _T(str) str
#define scanf_s scanf
#define _tmain main
extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
sgx_enclave_id_t e1_enclave_id = 0;
sgx_enclave_id_t e2_enclave_id = 0;
sgx_enclave_id_t e3_enclave_id = 0;
#define ENCLAVE1_PATH "libenclave1.so"
#define ENCLAVE2_PATH "libenclave2.so"
#define ENCLAVE3_PATH "libenclave3.so"
void waitForKeyPress()
{
uint8_t ch;
printf("\n\nHit a key....\n");
scanf_s("%c", &ch);
}
uint32_t load_enclaves()
{
uint32_t enclave_temp_no;
int ret, launch_token_updated;
sgx_launch_token_t launch_token;
enclave_temp_no = 0;
ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL);
if (ret != SGX_SUCCESS) {
return ret;
}
enclave_temp_no++;
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e1_enclave_id, enclave_temp_no));
ret = sgx_create_enclave(ENCLAVE2_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
if (ret != SGX_SUCCESS) {
return ret;
}
enclave_temp_no++;
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e2_enclave_id, enclave_temp_no));
ret = sgx_create_enclave(ENCLAVE3_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e3_enclave_id, NULL);
if (ret != SGX_SUCCESS) {
return ret;
}
enclave_temp_no++;
g_enclave_id_map.insert(std::pair<sgx_enclave_id_t, uint32_t>(e3_enclave_id, enclave_temp_no));
return SGX_SUCCESS;
}
int _tmain(int argc, _TCHAR* argv[])
{
uint32_t ret_status;
sgx_status_t status;
UNUSED(argc);
UNUSED(argv);
if(load_enclaves() != SGX_SUCCESS)
{
printf("\nLoad Enclave Failure");
}
printf("\nAvaliable Enclaves");
printf("\nEnclave1 - EnclaveID %llx",e1_enclave_id);
printf("\nEnclave2 - EnclaveID %llx",e2_enclave_id);
printf("\nEnclave3 - EnclaveID %llx",e3_enclave_id);
do
{
//Test Create session between Enclave1(Source) and Enclave2(Destination)
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_create_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nSecure Channel Establishment between Source (E1) and Destination (E2) Enclaves successful !!!");
}
else
{
printf("\nSession establishment and key exchange failure between Source (E1) and Destination (E2): Error code is %x", ret_status);
break;
}
}
//Test Enclave to Enclave call between Enclave1(Source) and Enclave2(Destination)
status = Enclave1_test_enclave_to_enclave_call(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_enclave_to_enclave_call Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nEnclave to Enclave Call between Source (E1) and Destination (E2) Enclaves successful !!!");
}
else
{
printf("\n\nEnclave to Enclave Call failure between Source (E1) and Destination (E2): Error code is %x", ret_status);
break;
}
}
//Test message exchange between Enclave1(Source) and Enclave2(Destination)
status = Enclave1_test_message_exchange(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_message_exchange Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nMessage Exchange between Source (E1) and Destination (E2) Enclaves successful !!!");
}
else
{
printf("\n\nMessage Exchange failure between Source (E1) and Destination (E2): Error code is %x", ret_status);
break;
}
}
//Test Create session between Enclave1(Source) and Enclave3(Destination)
status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_create_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nSecure Channel Establishment between Source (E1) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nSession establishment and key exchange failure between Source (E1) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test Enclave to Enclave call between Enclave1(Source) and Enclave3(Destination)
status = Enclave1_test_enclave_to_enclave_call(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_enclave_to_enclave_call Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nEnclave to Enclave Call between Source (E1) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nEnclave to Enclave Call failure between Source (E1) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test message exchange between Enclave1(Source) and Enclave3(Destination)
status = Enclave1_test_message_exchange(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_message_exchange Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nMessage Exchange between Source (E1) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nMessage Exchange failure between Source (E1) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test Create session between Enclave2(Source) and Enclave3(Destination)
status = Enclave2_test_create_session(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave2_test_create_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nSecure Channel Establishment between Source (E2) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nSession establishment and key exchange failure between Source (E2) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test Enclave to Enclave call between Enclave2(Source) and Enclave3(Destination)
status = Enclave2_test_enclave_to_enclave_call(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave2_test_enclave_to_enclave_call Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nEnclave to Enclave Call between Source (E2) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nEnclave to Enclave Call failure between Source (E2) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test message exchange between Enclave2(Source) and Enclave3(Destination)
status = Enclave2_test_message_exchange(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave2_test_message_exchange Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nMessage Exchange between Source (E2) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nMessage Exchange failure between Source (E2) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test Create session between Enclave3(Source) and Enclave1(Destination)
status = Enclave3_test_create_session(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave3_test_create_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nSecure Channel Establishment between Source (E3) and Destination (E1) Enclaves successful !!!");
}
else
{
printf("\n\nSession establishment and key exchange failure between Source (E3) and Destination (E1): Error code is %x", ret_status);
break;
}
}
//Test Enclave to Enclave call between Enclave3(Source) and Enclave1(Destination)
status = Enclave3_test_enclave_to_enclave_call(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave3_test_enclave_to_enclave_call Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nEnclave to Enclave Call between Source (E3) and Destination (E1) Enclaves successful !!!");
}
else
{
printf("\n\nEnclave to Enclave Call failure between Source (E3) and Destination (E1): Error code is %x", ret_status);
break;
}
}
//Test message exchange between Enclave3(Source) and Enclave1(Destination)
status = Enclave3_test_message_exchange(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave3_test_message_exchange Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nMessage Exchange between Source (E3) and Destination (E1) Enclaves successful !!!");
}
else
{
printf("\n\nMessage Exchange failure between Source (E3) and Destination (E1): Error code is %x", ret_status);
break;
}
}
//Test Closing Session between Enclave1(Source) and Enclave2(Destination)
status = Enclave1_test_close_session(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_close_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nClose Session between Source (E1) and Destination (E2) Enclaves successful !!!");
}
else
{
printf("\n\nClose session failure between Source (E1) and Destination (E2): Error code is %x", ret_status);
break;
}
}
//Test Closing Session between Enclave1(Source) and Enclave3(Destination)
status = Enclave1_test_close_session(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave1_test_close_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nClose Session between Source (E1) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nClose session failure between Source (E1) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test Closing Session between Enclave2(Source) and Enclave3(Destination)
status = Enclave2_test_close_session(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave2_test_close_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nClose Session between Source (E2) and Destination (E3) Enclaves successful !!!");
}
else
{
printf("\n\nClose session failure between Source (E2) and Destination (E3): Error code is %x", ret_status);
break;
}
}
//Test Closing Session between Enclave3(Source) and Enclave1(Destination)
status = Enclave3_test_close_session(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id);
if (status!=SGX_SUCCESS)
{
printf("Enclave3_test_close_session Ecall failed: Error code is %x", status);
break;
}
else
{
if(ret_status==0)
{
printf("\n\nClose Session between Source (E3) and Destination (E1) Enclaves successful !!!");
}
else
{
printf("\n\nClose session failure between Source (E3) and Destination (E1): Error code is %x", ret_status);
break;
}
}
#pragma warning (push)
#pragma warning (disable : 4127)
}while(0);
#pragma warning (pop)
sgx_destroy_enclave(e1_enclave_id);
sgx_destroy_enclave(e2_enclave_id);
sgx_destroy_enclave(e3_enclave_id);
waitForKeyPress();
return 0;
}

11
SampleCode/LocalAttestation/Enclave1/Enclave1.config.xml Normal file
View File

@ -0,0 +1,11 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

373
SampleCode/LocalAttestation/Enclave1/Enclave1.cpp Normal file
View File

@ -0,0 +1,373 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave1.cpp : Defines the exported functions for the .so application
#include "sgx_eid.h"
#include "Enclave1_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E1.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e1_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
//Insert the session information into the map under the corresponding destination enclave id
if(ke_status == SUCCESS)
{
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
}
memset(&dest_session_info, 0, sizeof(dh_session_t));
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t var1,var2;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
var1 = 0x4;
var2 = 0x5;
target_fn_id = 0;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
max_out_buff_size = 50;
//Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id of Enclave2 passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the return value and output parameters from foo1 of Enclave 2
ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the secret data into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatcher function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
{
if(!p_struct_var)
{
return INVALID_PARAMETER_ERROR;
}
(p_struct_var->var1)++;
(p_struct_var->var2)++;
(p_struct_var->p_internal_struct->ivar1)++;
(p_struct_var->p_internal_struct->ivar2)++;
return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
}
//Function which is executed on request from the source enclave
static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t ret;
size_t len_data, len_ptr_data;
external_param_struct_t *p_struct_var;
internal_param_struct_t internal_struct_var;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
if(!p_struct_var)
return MALLOC_ERROR;
p_struct_var->p_internal_struct = &internal_struct_var;
if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
{
SAFE_FREE(p_struct_var);
return ATTESTATION_ERROR;
}
ret = e1_foo1(p_struct_var);
len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
len_ptr_data = sizeof(internal_struct_var);
if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return MALLOC_ERROR;
}
SAFE_FREE(p_struct_var);
return SUCCESS;
}

43
SampleCode/LocalAttestation/Enclave1/Enclave1.edl Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

39
SampleCode/LocalAttestation/Enclave1/Enclave1_private.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0
c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf
RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx
YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ
oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni
U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP
RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/
Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ
5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa
brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy
d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB
3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR
YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN
Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy
/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex
4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme
KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/
gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI
4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i
tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb
9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux
EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe
bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3
OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde
rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg
OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ
cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw
gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx
E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW
h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi
qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg
1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P
cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2
Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp
teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx
SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa
mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te
-----END RSA PRIVATE KEY-----

222
SampleCode/LocalAttestation/Enclave1/Utility_E1.cpp Normal file
View File

@ -0,0 +1,222 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E1.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
param_len = sizeof(var1)+sizeof(var2);
temp_buff = (char*)malloc(param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff,&var1,sizeof(var1));
memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2));
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
return MALLOC_ERROR;
memcpy(*retval, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!pstruct || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2)))
return ATTESTATION_ERROR;
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1));
memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2));
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data)
{
ms_out_msg_exchange_t *ms;
size_t param_len, ms_len, ret_param_len;;
char *temp_buff;
int* addr;
char* struct_data;
size_t retval_len;
if(!resp_length || !p_struct_var)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
struct_data = (char*)p_struct_var;
param_len = len_data + len_ptr_data;
ret_param_len = param_len + retval_len;
addr = *(int **)(struct_data + len_data);
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
memcpy(temp_buff + sizeof(retval), struct_data, len_data);
memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data);
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

65
SampleCode/LocalAttestation/Enclave1/Utility_E1.h Normal file
View File

@ -0,0 +1,65 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E1_H__
#define UTILITY_E1_H__
#include "stdint.h"
typedef struct _internal_param_struct_t
{
uint32_t ivar1;
uint32_t ivar2;
}internal_param_struct_t;
typedef struct _external_param_struct_t
{
uint32_t var1;
uint32_t var2;
internal_param_struct_t *p_internal_struct;
}external_param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval);
uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

11
SampleCode/LocalAttestation/Enclave2/Enclave2.config.xml Normal file
View File

@ -0,0 +1,11 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

339
SampleCode/LocalAttestation/Enclave2/Enclave2.cpp Normal file
View File

@ -0,0 +1,339 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave2.cpp : Defines the exported functions for the DLL application
#include "sgx_eid.h"
#include "Enclave2_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E2.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e2_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
if(ke_status == SUCCESS)
{
//Insert the session information into the map under the corresponding destination enclave id
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
}
memset(&dest_session_info, 0, sizeof(dh_session_t));
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
param_struct_t *p_struct_var, struct_var;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
max_out_buff_size = 50;
target_fn_id = 0;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
struct_var.var1 = 0x3;
struct_var.var2 = 0x4;
p_struct_var = &struct_var;
//Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the return value and output parameters from foo1 of Enclave3
ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the secret data into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatch function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
{
return(var1 + var2);
}
//Function which is executed on request from the source enclave
static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t var1,var2,ret;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
return ATTESTATION_ERROR;
ret = e2_foo1(var1, var2);
if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
return MALLOC_ERROR; //can set resp buffer to null here
return SUCCESS;
}

43
SampleCode/LocalAttestation/Enclave2/Enclave2.edl Normal file
View File

@ -0,0 +1,43 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

39
SampleCode/LocalAttestation/Enclave2/Enclave2_private.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----

213
SampleCode/LocalAttestation/Enclave2/Utility_E2.cpp Normal file
View File

@ -0,0 +1,213 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E2.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
if(!p_struct_var || !marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
param_len = sizeof(param_struct_t);
temp_buff = (char*)malloc(param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
{
return MALLOC_ERROR;
}
memcpy(*retval, ms->ret_outparam_buff, retval_len);
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!var1 || !var2 || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(*var1) + sizeof(*var2)))
return ATTESTATION_ERROR;
memcpy(var1, buff, sizeof(*var1));
memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
{
ms_out_msg_exchange_t *ms;
size_t ret_param_len, ms_len;
char *temp_buff;
size_t retval_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
ret_param_len = retval_len; //no out parameters
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

59
SampleCode/LocalAttestation/Enclave2/Utility_E2.h Normal file
View File

@ -0,0 +1,59 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E2_H__
#define UTILITY_E2_H__
#include "stdint.h"
typedef struct _param_struct_t
{
uint32_t var1;
uint32_t var2;
}param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

11
SampleCode/LocalAttestation/Enclave3/Enclave3.config.xml Normal file
View File

@ -0,0 +1,11 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

366
SampleCode/LocalAttestation/Enclave3/Enclave3.cpp Normal file
View File

@ -0,0 +1,366 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// Enclave3.cpp : Defines the exported functions for the DLL application
#include "sgx_eid.h"
#include "Enclave3_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E3.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#define UNUSED(val) (void)(val)
std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
//Function pointer table containing the list of functions that the enclave exposes
const struct {
size_t num_funcs;
const void* table[1];
} func_table = {
1,
{
(const void*)e3_foo1_wrapper,
}
};
//Makes use of the sample code function to establish a secure channel with the destination enclave
uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
dh_session_t dest_session_info;
//Core reference code function for creating a session
ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
if(ke_status == SUCCESS)
{
//Insert the session information into the map under the corresponding destination enclave id
g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
}
memset(&dest_session_info, 0, sizeof(dh_session_t));
return ke_status;
}
//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
external_param_struct_t *p_struct_var, struct_var;
internal_param_struct_t internal_struct_var;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* retval;
max_out_buff_size = 50;
msg_type = ENCLAVE_TO_ENCLAVE_CALL;
target_fn_id = 0;
internal_struct_var.ivar1 = 0x5;
internal_struct_var.ivar2 = 0x6;
struct_var.var1 = 0x3;
struct_var.var2 = 0x4;
struct_var.p_internal_struct = &internal_struct_var;
p_struct_var = &struct_var;
size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct);
size_t len_ptr_data = sizeof(internal_struct_var);
//Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer
ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data,
len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info,
marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
////Un-marshal the return value and output parameters from foo1 of Enclave1
ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(retval);
return SUCCESS;
}
//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
ATTESTATION_STATUS ke_status = SUCCESS;
uint32_t target_fn_id, msg_type;
char* marshalled_inp_buff;
size_t marshalled_inp_buff_len;
char* out_buff;
size_t out_buff_len;
dh_session_t *dest_session_info;
size_t max_out_buff_size;
char* secret_response;
uint32_t secret_data;
target_fn_id = 0;
msg_type = MESSAGE_EXCHANGE;
max_out_buff_size = 50;
secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
//Marshals the parameters into a buffer
ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
if(ke_status != SUCCESS)
{
return ke_status;
}
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = &it->second;
}
else
{
SAFE_FREE(marshalled_inp_buff);
return INVALID_SESSION;
}
//Core Reference Code function
ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
//Un-marshal the secret response data
ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
if(ke_status != SUCCESS)
{
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
return ke_status;
}
SAFE_FREE(marshalled_inp_buff);
SAFE_FREE(out_buff);
SAFE_FREE(secret_response);
return SUCCESS;
}
//Makes use of the sample code function to close a current session
uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
dh_session_t dest_session_info;
ATTESTATION_STATUS ke_status = SUCCESS;
//Search the map for the session information associated with the destination enclave id passed in
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
if(it != g_src_session_info_map.end())
{
dest_session_info = it->second;
}
else
{
return NULL;
}
//Core reference code function for closing a session
ke_status = close_session(src_enclave_id, dest_enclave_id);
//Erase the session information associated with the destination enclave id
g_src_session_info_map.erase(dest_enclave_id);
return ke_status;
}
//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
if(!peer_enclave_identity)
{
return INVALID_PARAMETER_ERROR;
}
if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
// || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
{
return ENCLAVE_TRUST_ERROR;
}
else
{
return SUCCESS;
}
}
//Dispatch function that calls the approriate enclave function based on the function id
//Each enclave can have its own way of dispatching the calls from other enclave
extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
size_t decrypted_data_length,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(ms->target_fn_id >= func_table.num_funcs)
{
return INVALID_PARAMETER_ERROR;
}
fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
}
//Operates on the input secret and generates the output secret
uint32_t get_message_exchange_response(uint32_t inp_secret_data)
{
uint32_t secret_response;
//User should use more complex encryption method to protect their secret, below is just a simple example
secret_response = inp_secret_data & 0x11111111;
return secret_response;
}
//Generates the response from the request message
extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
char** resp_buffer,
size_t* resp_length)
{
ms_in_msg_exchange_t *ms;
uint32_t inp_secret_data;
uint32_t out_secret_data;
if(!decrypted_data || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
ms = (ms_in_msg_exchange_t *)decrypted_data;
if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
return ATTESTATION_ERROR;
out_secret_data = get_message_exchange_response(inp_secret_data);
if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
return MALLOC_ERROR;
return SUCCESS;
}
static uint32_t e3_foo1(param_struct_t *p_struct_var)
{
if(!p_struct_var)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var->var1++;
p_struct_var->var2++;
return(p_struct_var->var1 * p_struct_var->var2);
}
//Function which is executed on request from the source enclave
static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms,
size_t param_lenth,
char** resp_buffer,
size_t* resp_length)
{
UNUSED(param_lenth);
uint32_t ret;
param_struct_t *p_struct_var;
if(!ms || !resp_length)
{
return INVALID_PARAMETER_ERROR;
}
p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t));
if(!p_struct_var)
return MALLOC_ERROR;
if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return ATTESTATION_ERROR;
}
ret = e3_foo1(p_struct_var);
if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS)
{
SAFE_FREE(p_struct_var);
return MALLOC_ERROR;
}
SAFE_FREE(p_struct_var);
return SUCCESS;
}

42
SampleCode/LocalAttestation/Enclave3/Enclave3.edl Normal file
View File

@ -0,0 +1,42 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
from "sgx_tstdc.edl" import *;
trusted{
public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

39
SampleCode/LocalAttestation/Enclave3/Enclave3_private.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
-----END RSA PRIVATE KEY-----

223
SampleCode/LocalAttestation/Enclave3/Utility_E3.cpp Normal file
View File

@ -0,0 +1,223 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_E3.h"
#include "stdlib.h"
#include "string.h"
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t param_len, ms_len;
char *temp_buff;
int* addr;
char* struct_data;
if(!p_struct_var || !marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
struct_data = (char*)p_struct_var;
temp_buff = (char*)malloc(len_data + len_ptr_data);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, struct_data, len_data);
addr = *(int **)(struct_data + len_data);
memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized
param_len = len_data + len_ptr_data;
ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)param_len;
memcpy(&ms->inparam_buff, temp_buff, param_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var)
{
ms_out_msg_exchange_t *ms;
size_t ret_param_len, ms_len;
char *temp_buff;
size_t retval_len;
if(!resp_length || !p_struct_var)
return INVALID_PARAMETER_ERROR;
retval_len = sizeof(retval);
ret_param_len = sizeof(retval) + sizeof(param_struct_t);
temp_buff = (char*)malloc(ret_param_len);
if(!temp_buff)
return MALLOC_ERROR;
memcpy(temp_buff, &retval, sizeof(retval));
memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t));
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
{
SAFE_FREE(temp_buff);
return MALLOC_ERROR;
}
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
SAFE_FREE(temp_buff);
return SUCCESS;
}
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!pstruct || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2)))
return ATTESTATION_ERROR;
memcpy(&pstruct->var1, buff, sizeof(pstruct->var1));
memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2));
return SUCCESS;
}
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff || !p_struct_var)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*retval = (char*)malloc(retval_len);
if(!*retval)
{
return MALLOC_ERROR;
}
memcpy(*retval, ms->ret_outparam_buff, retval_len);
memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1));
memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2));
return SUCCESS;
}
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
{
ms_in_msg_exchange_t *ms;
size_t secret_data_len, ms_len;
if(!marshalled_buff_len)
return INVALID_PARAMETER_ERROR;
secret_data_len = sizeof(secret_data);
ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
ms = (ms_in_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->msg_type = msg_type;
ms->target_fn_id = target_fn_id;
ms->inparam_buff_len = (uint32_t)secret_data_len;
memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
*marshalled_buff = (char*)ms;
*marshalled_buff_len = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
{
char* buff;
size_t len;
if(!inp_secret_data || !ms)
return INVALID_PARAMETER_ERROR;
buff = ms->inparam_buff;
len = ms->inparam_buff_len;
if(len != sizeof(uint32_t))
return ATTESTATION_ERROR;
memcpy(inp_secret_data, buff, sizeof(uint32_t));
return SUCCESS;
}
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
{
ms_out_msg_exchange_t *ms;
size_t secret_response_len, ms_len;
size_t retval_len, ret_param_len;
if(!resp_length)
return INVALID_PARAMETER_ERROR;
secret_response_len = sizeof(secret_response);
retval_len = secret_response_len;
ret_param_len = secret_response_len;
ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
ms = (ms_out_msg_exchange_t *)malloc(ms_len);
if(!ms)
return MALLOC_ERROR;
ms->retval_len = (uint32_t)retval_len;
ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
*resp_buffer = (char*)ms;
*resp_length = ms_len;
return SUCCESS;
}
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
{
size_t retval_len;
ms_out_msg_exchange_t *ms;
if(!out_buff)
return INVALID_PARAMETER_ERROR;
ms = (ms_out_msg_exchange_t *)out_buff;
retval_len = ms->retval_len;
*secret_response = (char*)malloc(retval_len);
if(!*secret_response)
{
return MALLOC_ERROR;
}
memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
return SUCCESS;
}

73
SampleCode/LocalAttestation/Enclave3/Utility_E3.h Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef UTILITY_E3_H__
#define UTILITY_E3_H__
#include "stdint.h"
typedef struct _internal_param_struct_t
{
uint32_t ivar1;
uint32_t ivar2;
}internal_param_struct_t;
typedef struct _external_param_struct_t
{
uint32_t var1;
uint32_t var2;
internal_param_struct_t *p_internal_struct;
}external_param_struct_t;
typedef struct _param_struct_t
{
uint32_t var1;
uint32_t var2;
}param_struct_t;
#ifdef __cplusplus
extern "C" {
#endif
uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval);
uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms);
uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var);
uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
#ifdef __cplusplus
}
#endif
#endif

68
SampleCode/LocalAttestation/Include/dh_session_protocol.h Normal file
View File

@ -0,0 +1,68 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _DH_SESSION_PROROCOL_H
#define _DH_SESSION_PROROCOL_H
#include "sgx_ecp_types.h"
#include "sgx_key.h"
#include "sgx_report.h"
#include "sgx_attributes.h"
#define NONCE_SIZE 16
#define MAC_SIZE 16
#define MSG_BUF_LEN sizeof(ec_pub_t)*2
#define MSG_HASH_SZ 32
//Session information structure
typedef struct _la_dh_session_t
{
uint32_t session_id; //Identifies the current session
uint32_t status; //Indicates session is in progress, active or closed
union
{
struct
{
sgx_dh_session_t dh_session;
}in_progress;
struct
{
sgx_key_128bit_t AEK; //Session Key
uint32_t counter; //Used to store Message Sequence Number
}active;
};
} dh_session_t;
#endif

721
SampleCode/LocalAttestation/LocalAttestationCode/EnclaveMessageExchange.cpp Normal file
View File

@ -0,0 +1,721 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_trts.h"
#include "sgx_utils.h"
#include "EnclaveMessageExchange.h"
#include "sgx_eid.h"
#include "error_codes.h"
#include "sgx_ecp_types.h"
#include "sgx_thread.h"
#include <map>
#include "dh_session_protocol.h"
#include "sgx_dh.h"
#include "sgx_tcrypto.h"
#include "LocalAttestationCode_t.h"
#ifdef __cplusplus
extern "C" {
#endif
uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
#ifdef __cplusplus
}
#endif
#define MAX_SESSION_COUNT 16
//number of open sessions
uint32_t g_session_count = 0;
ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
//Array of open session ids
session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
//Map between the source enclave id and the session information associated with that particular session
std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
//Create a session with the destination enclave
ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id,
dh_session_t *session_info)
{
sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
sgx_key_128bit_t dh_aek; // Session Key
sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
uint32_t session_id;
uint32_t retstatus;
sgx_status_t status = SGX_SUCCESS;
sgx_dh_session_t sgx_dh_session;
sgx_dh_session_enclave_identity_t responder_identity;
if(!session_info)
{
return INVALID_PARAMETER_ERROR;
}
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
memset(session_info, 0, sizeof(dh_session_t));
//Intialize the session as a session initiator
status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//Ocall to request for a session with the destination enclave and obtain session id and Message 1 if successful
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
//Process the message 1 obtained from desination enclave and generate message 2
status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//Send Message 2 to Destination Enclave and get Message 3 in return
status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
//Process Message 3 obtained from the destination enclave
status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
if(SGX_SUCCESS != status)
{
return status;
}
// Verify the identity of the destination enclave
if(verify_peer_enclave_trust(&responder_identity) != SUCCESS)
{
return INVALID_SESSION;
}
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
session_info->session_id = session_id;
session_info->active.counter = 0;
session_info->status = ACTIVE;
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
return status;
}
//Handle the request from Source Enclave for a session
ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
sgx_dh_msg1_t *dh_msg1,
uint32_t *session_id )
{
dh_session_t session_info;
sgx_dh_session_t sgx_dh_session;
sgx_status_t status = SGX_SUCCESS;
if(!session_id || !dh_msg1)
{
return INVALID_PARAMETER_ERROR;
}
//Intialize the session as a session responder
status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
return status;
}
//get a new SessionID
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
return status; //no more sessions available
//Allocate memory for the session id tracker
g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
if(!g_session_id_tracker[*session_id])
{
return MALLOC_ERROR;
}
memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
g_session_id_tracker[*session_id]->session_id = *session_id;
session_info.status = IN_PROGRESS;
//Generate Message1 that will be returned to Source Enclave
status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
if(SGX_SUCCESS != status)
{
SAFE_FREE(g_session_id_tracker[*session_id]);
return status;
}
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
//Store the session information under the correspoding source enlave id key
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
return status;
}
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
sgx_dh_msg2_t *dh_msg2,
sgx_dh_msg3_t *dh_msg3,
uint32_t session_id)
{
sgx_key_128bit_t dh_aek; // Session key
dh_session_t *session_info;
ATTESTATION_STATUS status = SUCCESS;
sgx_dh_session_t sgx_dh_session;
sgx_dh_session_enclave_identity_t initiator_identity;
if(!dh_msg2 || !dh_msg3)
{
return INVALID_PARAMETER_ERROR;
}
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
do
{
//Retreive the session information for the corresponding source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = &it->second;
}
else
{
status = INVALID_SESSION;
break;
}
if(session_info->status != IN_PROGRESS)
{
status = INVALID_SESSION;
break;
}
memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
dh_msg3->msg3_body.additional_prop_length = 0;
//Process message 2 from source enclave and obtain message 3
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
dh_msg3,
&sgx_dh_session,
&dh_aek,
&initiator_identity);
if(SGX_SUCCESS != se_ret)
{
status = se_ret;
break;
}
//Verify source enclave's trust
if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
{
return INVALID_SESSION;
}
//save the session ID, status and initialize the session nonce
session_info->session_id = session_id;
session_info->status = ACTIVE;
session_info->active.counter = 0;
memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
g_session_count++;
}while(0);
if(status != SUCCESS)
{
end_session(src_enclave_id);
}
return status;
}
//Request for the response size, send the request message to the destination enclave and receive the response message back
ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id,
dh_session_t *session_info,
char *inp_buff,
size_t inp_buff_len,
size_t max_out_buff_size,
char **out_buff,
size_t* out_buff_len)
{
const uint8_t* plaintext;
uint32_t plaintext_length;
sgx_status_t status;
uint32_t retstatus;
secure_message_t* req_message;
secure_message_t* resp_message;
uint8_t *decrypted_data;
uint32_t decrypted_data_length;
uint32_t plain_text_offset;
uint8_t l_tag[TAG_SIZE];
size_t max_resp_message_length;
plaintext = (const uint8_t*)(" ");
plaintext_length = 0;
if(!session_info || !inp_buff)
{
return INVALID_PARAMETER_ERROR;
}
//Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
if(session_info->active.counter == ((uint32_t) - 2))
{
close_session(src_enclave_id, dest_enclave_id);
create_session(src_enclave_id, dest_enclave_id, session_info);
}
//Allocate memory for the AES-GCM request message
req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
if(!req_message)
{
return MALLOC_ERROR;
}
memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
//Set the payload size to data to encrypt length
req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
//Use the session nonce as the payload IV
memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
//Set the session ID of the message to the current session id
req_message->session_id = session_info->session_id;
//Prepare the request message with the encrypted payload
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
&(req_message->message_aes_gcm_data.payload_tag));
if(SGX_SUCCESS != status)
{
SAFE_FREE(req_message);
return status;
}
//Allocate memory for the response payload to be copied
*out_buff = (char*)malloc(max_out_buff_size);
if(!*out_buff)
{
SAFE_FREE(req_message);
return MALLOC_ERROR;
}
memset(*out_buff, 0, max_out_buff_size);
//Allocate memory for the response message
resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
if(!resp_message)
{
SAFE_FREE(req_message);
return MALLOC_ERROR;
}
memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
//Ocall to send the request to the Destination Enclave and get the response message back
status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
(sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return ((ATTESTATION_STATUS)retstatus);
}
}
else
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return ATTESTATION_SE_ERROR;
}
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
if(sizeof(resp_message) > max_resp_message_length)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return INVALID_PARAMETER_ERROR;
}
//Code to process the response message from the Destination Enclave
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
plain_text_offset = decrypted_data_length;
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
if(!decrypted_data)
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return MALLOC_ERROR;
}
memset(&l_tag, 0, 16);
memset(decrypted_data, 0, decrypted_data_length);
//Decrypt the response message payload
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
decrypted_data_length, decrypted_data,
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
&resp_message->message_aes_gcm_data.payload_tag);
if(SGX_SUCCESS != status)
{
SAFE_FREE(req_message);
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_message);
return status;
}
// Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
{
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
SAFE_FREE(decrypted_data);
return INVALID_PARAMETER_ERROR;
}
//Update the value of the session nonce in the source enclave
session_info->active.counter = session_info->active.counter + 1;
memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
memcpy(*out_buff, decrypted_data, decrypted_data_length);
SAFE_FREE(decrypted_data);
SAFE_FREE(req_message);
SAFE_FREE(resp_message);
return SUCCESS;
}
//Process the request from the Source enclave and send the response message back to the Source enclave
ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
secure_message_t* req_message,
size_t req_message_size,
size_t max_payload_size,
secure_message_t* resp_message,
size_t resp_message_size)
{
const uint8_t* plaintext;
uint32_t plaintext_length;
uint8_t *decrypted_data;
uint32_t decrypted_data_length;
uint32_t plain_text_offset;
ms_in_msg_exchange_t * ms;
size_t resp_data_length;
size_t resp_message_calc_size;
char* resp_data;
uint8_t l_tag[TAG_SIZE];
size_t header_size, expected_payload_size;
dh_session_t *session_info;
secure_message_t* temp_resp_message;
uint32_t ret;
sgx_status_t status;
plaintext = (const uint8_t*)(" ");
plaintext_length = 0;
if(!req_message || !resp_message)
{
return INVALID_PARAMETER_ERROR;
}
//Get the session information from the map corresponding to the source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = &it->second;
}
else
{
return INVALID_SESSION;
}
if(session_info->status != ACTIVE)
{
return INVALID_SESSION;
}
//Set the decrypted data length to the payload size obtained from the message
decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
header_size = sizeof(secure_message_t);
expected_payload_size = req_message_size - header_size;
//Verify the size of the payload
if(expected_payload_size != decrypted_data_length)
return INVALID_PARAMETER_ERROR;
memset(&l_tag, 0, 16);
plain_text_offset = decrypted_data_length;
decrypted_data = (uint8_t*)malloc(decrypted_data_length);
if(!decrypted_data)
{
return MALLOC_ERROR;
}
memset(decrypted_data, 0, decrypted_data_length);
//Decrypt the request message payload from source enclave
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
decrypted_data_length, decrypted_data,
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
&req_message->message_aes_gcm_data.payload_tag);
if(SGX_SUCCESS != status)
{
SAFE_FREE(decrypted_data);
return status;
}
//Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
ms = (ms_in_msg_exchange_t *)decrypted_data;
// Verify if the nonce obtained in the request is equal to the session nonce
if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
{
SAFE_FREE(decrypted_data);
return INVALID_PARAMETER_ERROR;
}
if(ms->msg_type == MESSAGE_EXCHANGE)
{
//Call the generic secret response generator for message exchange
ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
if(ret !=0)
{
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
return INVALID_SESSION;
}
}
else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
{
//Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
if(ret !=0)
{
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
return INVALID_SESSION;
}
}
else
{
SAFE_FREE(decrypted_data);
return INVALID_REQUEST_TYPE_ERROR;
}
if(resp_data_length > max_payload_size)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return OUT_BUFFER_LENGTH_ERROR;
}
resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
if(resp_message_calc_size > resp_message_size)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return OUT_BUFFER_LENGTH_ERROR;
}
//Code to build the response back to the Source Enclave
temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
if(!temp_resp_message)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
return MALLOC_ERROR;
}
memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
temp_resp_message->session_id = session_info->session_id;
temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
//Increment the Session Nonce (Replay Protection)
session_info->active.counter = session_info->active.counter + 1;
//Set the response nonce as the session nonce
memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
//Prepare the response message with the encrypted payload
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
&(temp_resp_message->message_aes_gcm_data.payload_tag));
if(SGX_SUCCESS != status)
{
SAFE_FREE(resp_data);
SAFE_FREE(decrypted_data);
SAFE_FREE(temp_resp_message);
return status;
}
memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
SAFE_FREE(decrypted_data);
SAFE_FREE(resp_data);
SAFE_FREE(temp_resp_message);
return SUCCESS;
}
//Close a current session
ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
sgx_enclave_id_t dest_enclave_id)
{
sgx_status_t status;
uint32_t retstatus;
//Ocall to ask the destination enclave to end the session
status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
if (status == SGX_SUCCESS)
{
if ((ATTESTATION_STATUS)retstatus != SUCCESS)
return ((ATTESTATION_STATUS)retstatus);
}
else
{
return ATTESTATION_SE_ERROR;
}
return SUCCESS;
}
//Respond to the request from the Source Enclave to close the session
ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
{
ATTESTATION_STATUS status = SUCCESS;
int i;
dh_session_t session_info;
uint32_t session_id;
//Get the session information from the map corresponding to the source enclave id
std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
if(it != g_dest_session_info_map.end())
{
session_info = it->second;
}
else
{
return INVALID_SESSION;
}
session_id = session_info.session_id;
//Erase the session information for the current session
g_dest_session_info_map.erase(src_enclave_id);
//Update the session id tracker
if (g_session_count > 0)
{
//check if session exists
for (i=1; i <= MAX_SESSION_COUNT; i++)
{
if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
{
memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
SAFE_FREE(g_session_id_tracker[i-1]);
g_session_count--;
break;
}
}
}
return status;
}
//Returns a new sessionID for the source destination session
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
{
ATTESTATION_STATUS status = SUCCESS;
if(!session_id)
{
return INVALID_PARAMETER_ERROR;
}
//if the session structure is untintialized, set that as the next session ID
for (int i = 0; i < MAX_SESSION_COUNT; i++)
{
if (g_session_id_tracker[i] == NULL)
{
*session_id = i;
return status;
}
}
status = NO_AVAILABLE_SESSION_ERROR;
return status;
}

54
SampleCode/LocalAttestation/LocalAttestationCode/EnclaveMessageExchange.h Normal file
View File

@ -0,0 +1,54 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "datatypes.h"
#include "sgx_eid.h"
#include "sgx_trts.h"
#include <map>
#include "dh_session_protocol.h"
#ifndef LOCALATTESTATION_H_
#define LOCALATTESTATION_H_
#ifdef __cplusplus
extern "C" {
#endif
uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
#ifdef __cplusplus
}
#endif
#endif

49
SampleCode/LocalAttestation/LocalAttestationCode/LocalAttestationCode.edl Normal file
View File

@ -0,0 +1,49 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
include "sgx_eid.h"
include "datatypes.h"
include "../Include/dh_session_protocol.h"
trusted{
public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
public uint32_t end_session(sgx_enclave_id_t src_enclave_id);
};
untrusted{
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id);
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
};
};

105
SampleCode/LocalAttestation/LocalAttestationCode/datatypes.h Normal file
View File

@ -0,0 +1,105 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_report.h"
#include "sgx_eid.h"
#include "sgx_ecp_types.h"
#include "sgx_dh.h"
#include "sgx_tseal.h"
#ifndef DATATYPES_H_
#define DATATYPES_H_
#define DH_KEY_SIZE 20
#define NONCE_SIZE 16
#define MAC_SIZE 16
#define MAC_KEY_SIZE 16
#define PADDING_SIZE 16
#define TAG_SIZE 16
#define IV_SIZE 12
#define DERIVE_MAC_KEY 0x0
#define DERIVE_SESSION_KEY 0x1
#define DERIVE_VK1_KEY 0x3
#define DERIVE_VK2_KEY 0x4
#define CLOSED 0x0
#define IN_PROGRESS 0x1
#define ACTIVE 0x2
#define MESSAGE_EXCHANGE 0x0
#define ENCLAVE_TO_ENCLAVE_CALL 0x1
#define INVALID_ARGUMENT -2 ///< Invalid function argument
#define LOGIC_ERROR -3 ///< Functional logic error
#define FILE_NOT_FOUND -4 ///< File not found
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB
typedef uint8_t dh_nonce[NONCE_SIZE];
typedef uint8_t cmac_128[MAC_SIZE];
#pragma pack(push, 1)
//Format of the AES-GCM message being exchanged between the source and the destination enclaves
typedef struct _secure_message_t
{
uint32_t session_id; //Session ID identifyting the session to which the message belongs
sgx_aes_gcm_data_t message_aes_gcm_data;
}secure_message_t;
//Format of the input function parameter structure
typedef struct _ms_in_msg_exchange_t {
uint32_t msg_type; //Type of Call E2E or general message exchange
uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
uint32_t inparam_buff_len; //Length of the serialized input parameters
char inparam_buff[]; //Serialized input parameters
} ms_in_msg_exchange_t;
//Format of the return value and output function parameter structure
typedef struct _ms_out_msg_exchange_t {
uint32_t retval_len; //Length of the return value
uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
char ret_outparam_buff[]; //Serialized return value and output parameters
} ms_out_msg_exchange_t;
//Session Tracker to generate session ids
typedef struct _session_id_tracker_t
{
uint32_t session_id;
}session_id_tracker_t;
#pragma pack(pop)
#endif

53
SampleCode/LocalAttestation/LocalAttestationCode/error_codes.h Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef ERROR_CODES_H_
#define ERROR_CODES_H_
typedef uint32_t ATTESTATION_STATUS;
#define SUCCESS 0x00
#define INVALID_PARAMETER 0xE1
#define VALID_SESSION 0xE2
#define INVALID_SESSION 0xE3
#define ATTESTATION_ERROR 0xE4
#define ATTESTATION_SE_ERROR 0xE5
#define IPP_ERROR 0xE6
#define NO_AVAILABLE_SESSION_ERROR 0xE7
#define MALLOC_ERROR 0xE8
#define ERROR_TAG_MISMATCH 0xE9
#define OUT_BUFFER_LENGTH_ERROR 0xEA
#define INVALID_REQUEST_TYPE_ERROR 0xEB
#define INVALID_PARAMETER_ERROR 0xEC
#define ENCLAVE_TRUST_ERROR 0xED
#define ENCRYPT_DECRYPT_ERROR 0xEE
#define DUPLICATE_SESSION 0xEF
#endif

297
SampleCode/LocalAttestation/Makefile Normal file
View File

@ -0,0 +1,297 @@
#
# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= SIM
SGX_ARCH ?= x64
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## Library Settings ########
Trust_Lib_Name := libLocalAttestation_Trusted.a
TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid -I./Include
TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector -std=c++03 -nostdinc++ $(TrustLib_Include_Paths)
UnTrustLib_Name := libLocalAttestation_unTrusted.a
UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := $(wildcard App/*.cpp)
App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Enclave Settings ########
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp)
Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp)
Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp)
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I./LocalAttestationCode -I./Include
Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0
Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o)
Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o)
Enclave_Name_1 := libenclave1.so
Enclave_Name_2 := libenclave2.so
Enclave_Name_3 := libenclave3.so
ifeq ($(SGX_MODE), HW)
ifneq ($(SGX_DEBUG), 1)
ifneq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_RELEASE
endif
endif
endif
ifeq ($(Build_Mode), HW_RELEASE)
all: $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclaves use the following commands:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
@echo "You can also sign the enclaves using an external signing tool. See User's Guide for more details."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name)
endif
######## Library Objects ########
LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
@$(CXX) $(TrustLib_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
@$(AR) rcs $@ $^
@echo "GEN => $@"
Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
@$(AR) rcs $@ $^
@echo "GEN => $@"
######## App Objects ########
Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave1_u.o: Enclave1/Enclave1_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave2_u.o: Enclave2/Enclave2_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave3_u.o: Enclave3/Enclave3_u.c
@$(CC) $(App_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h
@$(CXX) $(App_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl
@cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h
@$(CXX) -std=c++03 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name)
@$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_1): Enclave1.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml
@echo "SIGN => $@"
Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl
@cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave2/%.o: Enclave2/%.cpp
@$(CXX) -std=c++03 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
@$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_2): Enclave2.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml
@echo "SIGN => $@"
Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl
@cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c
@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave3/%.o: Enclave3/%.cpp
@$(CXX) -std=c++03 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
@echo "CXX <= $<"
Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name)
@$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Enclave_Name_3): Enclave3.so
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml
@echo "SIGN => $@"
######## Clean ########
.PHONY: clean
clean:
@rm -rf $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.*

27
SampleCode/LocalAttestation/README.txt Normal file
View File

@ -0,0 +1,27 @@
---------------------------
Purpose of LocalAttestation
---------------------------
The project demonstrates:
- How to establish a protected channel
- Secret message exchange using enclave to enclave function calls
------------------------------------
How to Build/Execute the Sample Code
------------------------------------
1. Install Intel(R) SGX SDK for Linux* OS
2. Build the project with the prepared Makefile:
a. Hardware Mode, Debug build:
$ make SGX_MODE=HW SGX_DEBUG=1
b. Hardware Mode, Pre-release build:
$ make SGX_MODE=HW SGX_PRERELEASE=1
c. Hardware Mode, Release build:
$ make SGX_MODE=HW
d. Simulation Mode, Debug build:
$ make SGX_DEBUG=1
e. Simulation Mode, Pre-release build:
$ make SGX_PRERELEASE=1
f. Simulation Mode, Release build:
$ make
3. Execute the binary directly:
$ ./app

184
SampleCode/LocalAttestation/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp Normal file
View File

@ -0,0 +1,184 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "error_codes.h"
#include "datatypes.h"
#include "sgx_urts.h"
#include "UntrustedEnclaveMessageExchange.h"
#include "sgx_dh.h"
#include <map>
std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
//Makes an sgx_ecall to the destination enclave to get session id and message1
ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_session_request(dest_enclave_id, &status, src_enclave_id, dh_msg1, session_id);
break;
case 2:
ret = Enclave2_session_request(dest_enclave_id, &status, src_enclave_id, dh_msg1, session_id);
break;
case 3:
ret = Enclave3_session_request(dest_enclave_id, &status, src_enclave_id, dh_msg1, session_id);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave
ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_exchange_report(dest_enclave_id, &status, src_enclave_id, dh_msg2, dh_msg3, session_id);
break;
case 2:
ret = Enclave2_exchange_report(dest_enclave_id, &status, src_enclave_id, dh_msg2, dh_msg3, session_id);
break;
case 3:
ret = Enclave3_exchange_report(dest_enclave_id, &status, src_enclave_id, dh_msg2, dh_msg3, session_id);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
//Make an sgx_ecall to the destination enclave function that generates the actual response
ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
case 2:
ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
case 3:
ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}
//Make an sgx_ecall to the destination enclave to close the session
ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)
{
uint32_t status = 0;
sgx_status_t ret = SGX_SUCCESS;
uint32_t temp_enclave_no;
std::map<sgx_enclave_id_t, uint32_t>::iterator it = g_enclave_id_map.find(dest_enclave_id);
if(it != g_enclave_id_map.end())
{
temp_enclave_no = it->second;
}
else
{
return INVALID_SESSION;
}
switch(temp_enclave_no)
{
case 1:
ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id);
break;
case 2:
ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id);
break;
case 3:
ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id);
break;
}
if (ret == SGX_SUCCESS)
return (ATTESTATION_STATUS)status;
else
return INVALID_SESSION;
}

73
SampleCode/LocalAttestation/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "sgx_eid.h"
#include "error_codes.h"
#include "datatypes.h"
#include "sgx_urts.h"
#include "dh_session_protocol.h"
#include "sgx_dh.h"
#include <cstddef>
#ifndef ULOCALATTESTATION_H_
#define ULOCALATTESTATION_H_
#ifdef __cplusplus
extern "C" {
#endif
sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id);
uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id);
uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id);
uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size);
uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
#ifdef __cplusplus
}
#endif
#endif

219
SampleCode/PowerTransition/.cproject Normal file
View File

@ -0,0 +1,219 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="SGX Debug Sim Mode" parent="com.intel.sgx.configuration.Sim.Debug">
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.292452237" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.1618485184" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1039454044" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.1591862020" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
<tool id="com.intel.sgx.compiler.1853780321" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1427419865" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.1817588305" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="SGX Debug HW Mode" parent="com.intel.sgx.configuration.HW.Debug">
<folderInfo id="com.intel.sgx.configuration.HW.Debug.971320034" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Debug.1761600540" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.131147161" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.1502087524" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
<tool id="com.intel.sgx.compiler.1085280084" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.57165741" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.79844751" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="SGX Release Sim Mode" parent="com.intel.sgx.configuration.Sim.Release">
<folderInfo id="com.intel.sgx.configuration.Sim.Release.151408355" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Release.1055083183" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.471419902" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1151273037" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
<tool id="com.intel.sgx.compiler.1302347316" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1645761127" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.640775034" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="SGX Pre-release Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="SGX Pre-release Release HW Mode" parent="com.intel.sgx.configuration.HW.Prerelease">
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.1418650208" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.1668578385" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Prerelease">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.977258758" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.1888300852" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
<tool id="com.intel.sgx.compiler.2113538546" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.904888562" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.283498732" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="SGX Release HW Mode" parent="com.intel.sgx.configuration.HW.Release">
<folderInfo id="com.intel.sgx.configuration.HW.Release.1657582763" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Release.465410401" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.828352216" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.714105790" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
<tool id="com.intel.sgx.compiler.595797282" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1385078253" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.463677873" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="SimpleEnclave.null.1312290154" name="SimpleEnclave"/>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="refreshScope" versionNumber="2">
<configuration configurationName="SGX Debug HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Debug Sim Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Debug">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Release">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Release HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.680828348;cdt.managedbuild.config.gnu.exe.release.680828348.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2137539087;cdt.managedbuild.tool.gnu.c.compiler.input.762444756">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.SGXtoolChain.977521771;com.intel.sgx.SGXtoolChain.977521771.100429378;com.intel.sgx.compiler.787445976;com.intel.sgx.inputType.1814458059">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.151408355;com.intel.sgx.compiler.1302347316;com.intel.sgx.inputType.640775034">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1377487595;cdt.managedbuild.config.gnu.exe.debug.1377487595.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1972419354;cdt.managedbuild.tool.gnu.c.compiler.input.1480710981">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1657582763;com.intel.sgx.compiler.595797282;com.intel.sgx.inputType.463677873">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.292452237;com.intel.sgx.compiler.1853780321;com.intel.sgx.inputType.1817588305">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.971320034;com.intel.sgx.compiler.1085280084;com.intel.sgx.inputType.79844751">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.1418650208;com.intel.sgx.compiler.2113538546;com.intel.sgx.inputType.283498732">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
</cproject>

28
SampleCode/PowerTransition/.project Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>SimpleEnclave</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>com.intel.sgx.sgxnature</nature>
</natures>
</projectDescription>

319
SampleCode/PowerTransition/App/App.cpp Normal file
View File

@ -0,0 +1,319 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// App.cpp : Define the entry point for the console application.
//
#include <string.h>
#include <assert.h>
#include <fstream>
#include <thread>
#include <iostream>
#include "Enclave_u.h"
#include "sgx_urts.h"
#include "sgx_tseal.h"
#include "rwlock.h"
#include "ErrorSupport.h"
#define ENCLAVE_NAME "libenclave.signed.so"
#define TOKEN_NAME "Enclave.token"
#define THREAD_NUM 3
// Global data
sgx_enclave_id_t global_eid = 0;
sgx_launch_token_t token = {0};
rwlock_t lock_eid;
struct sealed_buf_t sealed_buf;
using namespace std;
// Ocall function
void print(const char *str)
{
cout<<str;
}
// load_and_initialize_enclave():
// To load and initialize the enclave
sgx_status_t load_and_initialize_enclave(sgx_enclave_id_t *eid, struct sealed_buf_t *sealed_buf)
{
sgx_status_t ret = SGX_SUCCESS;
int retval = 0;
int updated = 0;
for( ; ; )
{
// Step 1: check whether the loading and initialization operations are caused by power transition.
// If the loading and initialization operations are caused by power transition, we need to call sgx_destory_enclave() first.
if(*eid != 0)
{
sgx_destroy_enclave(*eid);
}
// Step 2: load the enclave
// Debug: set the 2nd parameter to 1 which indicates the enclave are launched in debug mode
ret = sgx_create_enclave(ENCLAVE_NAME, SGX_DEBUG_FLAG, &token, &updated, eid, NULL);
if(ret != SGX_SUCCESS)
return ret;
// Save the launch token if updated
if(updated == 1)
{
ofstream ofs(TOKEN_NAME, std::ios::binary|std::ios::out);
if(!ofs.good())
{
cout<< "Warning: Failed to save the launch token to \"" <<TOKEN_NAME <<"\""<<endl;
}
else
ofs << token;
}
// Step 3: enter the enclave to initialize the enclave
// If power transition occurs when the process is inside the enclave, SGX_ERROR_ENCLAVE_LOST will be returned after the system resumes.
// Then we can load and intialize the enclave again or just return this error code and exit to handle the power transition.
// In this sample, we choose to load and intialize the enclave again.
ret = initialize_enclave(*eid, &retval, sealed_buf);
if(ret == SGX_ERROR_ENCLAVE_LOST)
{
cout<<"Power transition occured in initialize_enclave()" <<endl;
continue; // Try to load and initialize the enclave again
}
else
{
// No power transilation occurs.
// If the initialization operation returns failure, change the return value.
if(ret == SGX_SUCCESS && retval != 0)
{
ret = SGX_ERROR_UNEXPECTED;
sgx_destroy_enclave(*eid);
}
break;
}
}
return ret;
}
bool increase_and_seal_data_in_enclave()
{
size_t thread_id = std::hash<std::thread::id>()(std::this_thread::get_id());
sgx_status_t ret = SGX_SUCCESS;
int retval = 0;
sgx_enclave_id_t current_eid = 0;
// Enter the enclave to increase and seal the secret data for 100 times.
for(unsigned int i = 0; i< 50000; i++)
{
for( ; ; )
{
// If power transition occurs, all the data inside the enclave will be lost when the system resumes.
// Therefore, if there are some secret data which need to be backed up for recover,
// users can choose to seal the secret data inside the enclave and back up the sealed data.
// Enter the enclave to increase the secret data and back up the sealed data
rdlock(&lock_eid);
current_eid = global_eid;
rdunlock(&lock_eid);
ret = increase_and_seal_data(current_eid, &retval, thread_id, &sealed_buf);
if(ret == SGX_ERROR_ENCLAVE_LOST)
{
// SGX_ERROR_ENCLAVE_LOST indicates the power transition occurs before the system resumes.
// Lock here is to make sure there is only one thread to load and initialize the enclave at the same time
wtlock(&lock_eid);
// The loading and initialization operations happen in current thread only if there is no other thread reloads and initializes the enclave before
if(current_eid == global_eid)
{
cout <<"power transition occured in increase_and_seal_data()." << endl;
// Use the backup sealed data to reload and initialize the enclave.
if((ret = load_and_initialize_enclave(&current_eid, &sealed_buf)) != SGX_SUCCESS)
{
ret_error_support(ret);
wtunlock(&lock_eid);
return false;
}
else
{
// Update the global_eid after initializing the enclave successfully
global_eid = current_eid;
}
}
else
{
// The enclave has been reloaded by another thread.
// Update the current EID and do increase_and_seal_data() again.
current_eid = global_eid;
}
wtunlock(&lock_eid);
}
else
{
// No power transition occurs
break;
}
}
if(ret != SGX_SUCCESS)
{
ret_error_support(ret);
return false;
}
else if(retval != 0)
{
return false;
}
}
return true;
}
void thread_func()
{
if(increase_and_seal_data_in_enclave() != true)
{
abort();
}
}
bool set_global_data()
{
// Initialize the read/write lock.
init_rwlock(&lock_eid);
// Get the saved launch token.
// If error occures, zero the token.
ifstream ifs(TOKEN_NAME, std::ios::binary | std::ios::in);
if(!ifs.good())
{
memset(token, 0, sizeof(sgx_launch_token_t));
}
else
{
ifs.read(reinterpret_cast<char *>(&token), sizeof(sgx_launch_token_t));
if(ifs.fail())
{
memset(&token, 0, sizeof(sgx_launch_token_t));
}
}
// Allocate memory to save the sealed data.
uint32_t sealed_len = sizeof(sgx_sealed_data_t) + sizeof(uint32_t);
for(int i = 0; i < BUF_NUM; i++)
{
sealed_buf.sealed_buf_ptr[i] = (uint8_t *)malloc(sealed_len);
if(sealed_buf.sealed_buf_ptr[i] == NULL)
{
cout << "Out of memory" << endl;
return false;
}
memset(sealed_buf.sealed_buf_ptr[i], 0, sealed_len);
}
sealed_buf.index = 0; // index indicates which buffer contains current sealed data and which contains the backup sealed data
return true;
}
void release_source()
{
for(int i = 0; i < BUF_NUM; i++)
{
if(sealed_buf.sealed_buf_ptr[i] != NULL)
{
free(sealed_buf.sealed_buf_ptr[i]);
sealed_buf.sealed_buf_ptr[i] = NULL;
}
}
fini_rwlock(&lock_eid);
return;
}
int main(int argc, char* argv[])
{
(void)argc, (void)argv;
// Initialize the global data
if(!set_global_data())
{
release_source();
cout << "Enter a character before exit ..." << endl;
getchar();
return -1;
}
// Load and initialize the signed enclave
// sealed_buf == NULL indicates it is the first time to initialize the enclave.
sgx_status_t ret = load_and_initialize_enclave(&global_eid , NULL);
if(ret != SGX_SUCCESS)
{
ret_error_support(ret);
release_source();
cout << "Enter a character before exit ..." << endl;
getchar();
return -1;
}
cout << "****************************************************************" << endl;
cout << "Demonstrating Power transition needs your cooperation." << endl
<< "Please take the following actions:" << endl
<< " 1. Enter a character;" << endl
<< " 2. Manually put the OS into a sleep or hibernate state;" << endl
<< " 3. Resume the OS from that state;" << endl
<< "Then you will see the application continues." << endl;
cout << "****************************************************************" << endl;
cout << "Now enter a character ...";
getchar();
// Create multiple threads to calculate the sum
thread trd[THREAD_NUM];
for (int i = 0; i< THREAD_NUM; i++)
{
trd[i] = thread(thread_func);
}
for (int i = 0; i < THREAD_NUM; i++)
{
trd[i].join();
}
// Release resources
release_source();
// Destroy the enclave
sgx_destroy_enclave(global_eid);
cout << "Enter a character before exit ..." << endl;
getchar();
return 0;
}

89
SampleCode/PowerTransition/App/ErrorSupport.cpp Normal file
View File

@ -0,0 +1,89 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <iostream>
#include "ErrorSupport.h"
typedef struct _sgx_errlist_t {
sgx_status_t err;
const char * msg;
} sgx_errlist_t;
static sgx_errlist_t sgx_errlist[] = {
{SGX_ERROR_UNEXPECTED, "Unexpected error occurred."},
{SGX_ERROR_INVALID_PARAMETER, "Invalid parameter."},
{SGX_ERROR_OUT_OF_MEMORY, "Out of memory."},
{SGX_ERROR_ENCLAVE_LOST, "Power transition occurred."},
{SGX_ERROR_INVALID_ENCLAVE, "Invalid enclave image."},
{SGX_ERROR_INVALID_ENCLAVE_ID, "Invalid enclave identification."},
{SGX_ERROR_INVALID_SIGNATURE, "Invalid enclave signature."},
{SGX_ERROR_OUT_OF_EPC, "Out of EPC memory."},
{SGX_ERROR_NO_DEVICE, "Invalid SGX device."},
{SGX_ERROR_MEMORY_MAP_CONFLICT, "Memory map conflicted."},
{SGX_ERROR_INVALID_METADATA, "Invalid encalve metadata."},
{SGX_ERROR_DEVICE_BUSY, "SGX device is busy."},
{SGX_ERROR_INVALID_VERSION, "Enclave metadata version is invalid."},
{SGX_ERROR_ENCLAVE_FILE_ACCESS, "Can't open enclave file."},
{SGX_ERROR_INVALID_FUNCTION, "Invalid function name."},
{SGX_ERROR_OUT_OF_TCS, "Out of TCS."},
{SGX_ERROR_ENCLAVE_CRASHED, "The enclave is crashed."},
{SGX_ERROR_MAC_MISMATCH, "Report varification error occurred."},
{SGX_ERROR_INVALID_ATTRIBUTE, "The enclave is not authorized."},
{SGX_ERROR_INVALID_CPUSVN, "Invalid CPUSVN."},
{SGX_ERROR_INVALID_ISVSVN, "Invalid ISVSVN."},
{SGX_ERROR_INVALID_KEYNAME, "The requested key name is invalid."},
{SGX_ERROR_SERVICE_UNAVAILABLE, "AESM service is not responsive."},
{SGX_ERROR_SERVICE_TIMEOUT, "Request to AESM is time out."},
{SGX_ERROR_SERVICE_INVALID_PRIVILEGE, "Error occurred while getting launch token."},
};
void ret_error_support(sgx_status_t ret)
{
size_t idx = 0;
size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
for (idx = 0; idx < ttl; idx++) {
if(ret == sgx_errlist[idx].err) {
std::cout << "Error: "<< sgx_errlist[idx].msg << std::endl;
break;
}
}
if (idx == ttl)
std::cout << "Error: Unexpected error occurred." <<std::endl;
return;
}

49
SampleCode/PowerTransition/App/ErrorSupport.h Normal file
View File

@ -0,0 +1,49 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _ERROR_SUPPORT_H
#define _ERROR_SUPPORT_H
#include "sgx_error.h"
#ifdef __cplusplus
extern "C" {
#endif
void ret_error_support(sgx_status_t ret);
#ifdef __cplusplus
}
#endif
#endif

84
SampleCode/PowerTransition/App/rwlock.cpp Normal file
View File

@ -0,0 +1,84 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
// rwlock.cpp: wrappers of Slim Reader/Writer (SRW) Locks
#include "rwlock.h"
#include <stdlib.h>
void wtlock(prwlock_t lock)
{
int ret = pthread_rwlock_wrlock(lock);
if(0 != ret)
abort();
}
void wtunlock(prwlock_t lock)
{
int ret = pthread_rwlock_unlock(lock);
if(0 != ret)
abort();
}
void rdlock(prwlock_t lock)
{
int ret = pthread_rwlock_rdlock(lock);
if(0 != ret)
abort();
}
void rdunlock(prwlock_t lock)
{
int ret = pthread_rwlock_unlock(lock);
if(0 != ret)
abort();
}
void init_rwlock(prwlock_t lock)
{
//use the default attribute.
int ret = pthread_rwlock_init(lock, NULL);
if(0 != ret)
abort();
}
void fini_rwlock(prwlock_t lock)
{
int ret = pthread_rwlock_destroy(lock);
if(0 != ret)
abort();
}

57
SampleCode/PowerTransition/App/rwlock.h Normal file
View File

@ -0,0 +1,57 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _RWLOCK_H
#define _RWLOCK_H
#include <pthread.h>
typedef pthread_rwlock_t rwlock_t;
typedef pthread_rwlock_t* prwlock_t;
#ifdef __cplusplus
extern "C" {
#endif
void wtlock(prwlock_t lock);
void rdlock(prwlock_t lock);
void rdunlock(prwlock_t lock);
void wtunlock(prwlock_t lock);
void init_rwlock(prwlock_t lock);
void fini_rwlock(prwlock_t lock);
#ifdef __cplusplus
}
#endif
#endif

48
SampleCode/PowerTransition/Common/types.h Normal file
View File

@ -0,0 +1,48 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _TYPES_H_
#define _TYPES_H_
#define BUF_NUM 2
#define MOD2(x) ((x) % BUF_NUM)
struct sealed_buf_t
{
unsigned int index;
void * sealed_buf_ptr[BUF_NUM];
};
#endif

11
SampleCode/PowerTransition/Enclave/Enclave.config.xml Normal file
View File

@ -0,0 +1,11 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>3</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

164
SampleCode/PowerTransition/Enclave/Enclave.cpp Normal file
View File

@ -0,0 +1,164 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "string.h"
#include "stdlib.h"
#include "stdio.h"
#include "sgx_trts.h"
#include "sgx_thread.h"
#include "sgx_tseal.h"
#include "Enclave_t.h"
uint32_t g_secret;
sgx_thread_mutex_t g_mutex = SGX_THREAD_MUTEX_INITIALIZER;
static inline void free_allocated_memory(void *pointer)
{
if(pointer != NULL)
{
free(pointer);
pointer = NULL;
}
}
int initialize_enclave(struct sealed_buf_t *sealed_buf)
{
// sealed_buf == NULL indicates it is the first time to initialize the enclave
if(sealed_buf == NULL)
{
sgx_thread_mutex_lock(&g_mutex);
g_secret = 0;
sgx_thread_mutex_unlock(&g_mutex);
return 0;
}
// It is not the first time to initialize the enclave
// Reinitialize the enclave to recover the secret data from the input backup sealed data.
uint32_t len = sizeof(sgx_sealed_data_t) + sizeof(uint32_t);
//Check the sealed_buf length and check the outside pointers deeply
if(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)] == NULL ||
sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)] == NULL ||
!sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)], len) ||
!sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)], len))
{
print("Incorrect input parameter(s).\n");
return -1;
}
// Retrieve the secret from current backup sealed data
uint32_t unsealed_data = 0;
uint32_t unsealed_data_length = sizeof(g_secret);
uint8_t *plain_text = NULL;
uint32_t plain_text_length = 0;
uint8_t *temp_sealed_buf = (uint8_t *)malloc(len);
if(temp_sealed_buf == NULL)
{
print("Out of memory.\n");
return -1;
}
sgx_thread_mutex_lock(&g_mutex);
memcpy(temp_sealed_buf, sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)], len);
// Unseal current sealed buf
sgx_status_t ret = sgx_unseal_data((sgx_sealed_data_t *)temp_sealed_buf, plain_text, &plain_text_length, (uint8_t *)&unsealed_data, &unsealed_data_length);
if(ret == SGX_SUCCESS)
{
g_secret = unsealed_data;
sgx_thread_mutex_unlock(&g_mutex);
free_allocated_memory(temp_sealed_buf);
return 0;
}
else
{
sgx_thread_mutex_unlock(&g_mutex);
print("Failed to reinitialize the enclave.\n");
free_allocated_memory(temp_sealed_buf);
return -1;
}
}
int increase_and_seal_data(size_t tid, struct sealed_buf_t* sealed_buf)
{
uint32_t sealed_len = sizeof(sgx_sealed_data_t) + sizeof(g_secret);
// Check the sealed_buf length and check the outside pointers deeply
if(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)] == NULL ||
sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)] == NULL ||
!sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)], sealed_len) ||
!sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)], sealed_len))
{
print("Incorrect input parameter(s).\n");
return -1;
}
char string_buf[BUFSIZ] = {'\0'};
uint32_t temp_secret = 0;
uint8_t *plain_text = NULL;
uint32_t plain_text_length = 0;
uint8_t *temp_sealed_buf = (uint8_t *)malloc(sealed_len);
if(temp_sealed_buf == NULL)
{
print("Out of memory.\n");
return -1;
}
memset(temp_sealed_buf, 0, sealed_len);
sgx_thread_mutex_lock(&g_mutex);
// Increase and seal the secret data
temp_secret = ++g_secret;
sgx_status_t ret = sgx_seal_data(plain_text_length, plain_text, sizeof(g_secret), (uint8_t *)&g_secret, sealed_len, (sgx_sealed_data_t *)temp_sealed_buf);
if(ret != SGX_SUCCESS)
{
sgx_thread_mutex_unlock(&g_mutex);
print("Failed to seal data\n");
free_allocated_memory(temp_sealed_buf);
return -1;
}
// Backup the sealed data to outside buffer
memcpy(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)], temp_sealed_buf, sealed_len);
sealed_buf->index++;
sgx_thread_mutex_unlock(&g_mutex);
free_allocated_memory(temp_sealed_buf);
// Ocall to print the unsealed secret data outside.
// In theory, the secret data(s) SHOULD NOT be transferred outside the enclave as clear text(s).
// So please DO NOT print any secret outside. Here printing the secret data to outside is only for demo.
snprintf(string_buf, BUFSIZ, "Thread %#x>: %d\n", (unsigned int)tid, temp_secret);
print(string_buf);
return 0;
}

47
SampleCode/PowerTransition/Enclave/Enclave.edl Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
// Import the Ocalls for trusted mutex
from "sgx_tstdc.edl" import *;
include "types.h"
trusted {
public int initialize_enclave([in]struct sealed_buf_t* sealed_buf);
public int increase_and_seal_data(size_t tid, [in, out]struct sealed_buf_t* sealed_buf);
};
untrusted {
void print([in, string] const char *string);
};
};

9
SampleCode/PowerTransition/Enclave/Enclave.lds Normal file
View File

@ -0,0 +1,9 @@
libenclave.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
local:
*;
};

39
SampleCode/PowerTransition/Enclave/Enclave_private.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----

212
SampleCode/PowerTransition/Makefile Normal file
View File

@ -0,0 +1,212 @@
#
# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
####### SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= SIM
SGX_ARCH ?= x64
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := $(wildcard App/*.cpp)
App_Include_Paths := -I$(SGX_SDK)/include -I./Common
App_Compile_CFlags := -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_Compile_CFlags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_Compile_CFlags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_Compile_CFlags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Compile_CXXFlags := -std=c++0x $(App_Compile_CFlags)
App_Link_Flags := -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
Gen_Untrusted_Source := App/Enclave_u.c
Gen_Untrusted_Object := App/Enclave_u.o
App_Objects := $(Gen_Untrusted_Object) $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Enclave Settings ########
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files := $(wildcard Enclave/*.cpp)
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I./Common
Enclave_Compile_CFlags := -nostdinc -ffreestanding -fvisibility=hidden -fpie \
$(Enclave_Include_Paths)
Enclave_Compile_CXXFlags := -nostdinc++ -std=c++03 $(Enclave_Compile_CFlags)
Enclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
-Wl,--version-script=Enclave/Enclave.lds -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
Gen_Trusted_Source := Enclave/Enclave_t.c
Gen_Trusted_Object := Enclave/Enclave_t.o
Enclave_Objects := $(Gen_Trusted_Object) $(Enclave_Cpp_Files:.cpp=.o)
Enclave_Name := libenclave.so
Signed_Enclave_Name := libenclave.signed.so
Enclave_Config_File := Enclave/Enclave.config.xml
ifeq ($(SGX_MODE), HW)
ifneq ($(SGX_DEBUG), 1)
ifneq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_RELEASE
endif
endif
endif
ifeq ($(Build_Mode), HW_RELEASE)
all: $(App_Name) $(Enclave_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclave use the command:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
@echo "You can also sign the enclave using an external signing tool. See User's Guide for more details."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: $(App_Name) $(Signed_Enclave_Name)
@echo "Build $(App_Name) [$(SGX_MODE)|$(SGX_ARCH)] Success!"
@echo "Please RUN the project with command:"
@echo " $(App_Name)"
endif
######## App Objects ########
$(Gen_Untrusted_Source): $(SGX_EDGER8R) Enclave/Enclave.edl
@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
$(Gen_Untrusted_Object): $(Gen_Untrusted_Source)
@$(CC) $(SGX_COMMON_CFLAGS) $(App_Compile_CFlags) -c $< -o $@
@echo "CC <= $<"
App/%.o: App/%.cpp
@$(CXX) $(SGX_COMMON_CFLAGS) $(App_Compile_CXXFlags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): $(App_Objects)
@$(CXX) $(SGX_COMMON_CFLAGS) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
$(Gen_Trusted_Source): $(SGX_EDGER8R) Enclave/Enclave.edl
@cd Enclave && $(SGX_EDGER8R) --trusted Enclave.edl --search-path $(SGX_SDK)/include
@echo "GEN => $@"
$(Gen_Trusted_Object): $(Gen_Trusted_Source)
@$(CC) $(SGX_COMMON_CFLAGS) $(Enclave_Compile_CFlags) -c $< -o $@
@echo "CC <= $<"
Enclave/%.o: Enclave/%.cpp
@$(CXX) $(SGX_COMMON_CFLAGS) $(Enclave_Compile_CXXFlags) -c $< -o $@
@echo "CXX <= $<"
$(Enclave_Name): $(Enclave_Objects)
@$(CXX) $(SGX_COMMON_CFLAGS) $(Enclave_Objects) -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Signed_Enclave_Name): $(Enclave_Name)
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
@echo "SIGN => $@"
######### clean up ########
.PHONY: clean
clean:
@rm -f $(App_Name) $(App_Objects) $(Enclave_Name) $(Enclave_Objects) App/Enclave_u.* Enclave/Enclave_t.* $(Signed_Enclave_Name)

26
SampleCode/PowerTransition/README.txt Normal file
View File

@ -0,0 +1,26 @@
--------------------------
Purpose of PowerTransition
--------------------------
The project demonstrates one method about power transition handling for Intel(R)
Software Guard Extensions projects development.
------------------------------------
How to Build/Execute the Sample Code
------------------------------------
1. Install Intel(R) SGX SDK for Linux* OS
2. Build the project with the prepared Makefile:
a. Hardware Mode, Debug build:
$ make SGX_MODE=HW SGX_DEBUG=1
b. Hardware Mode, Pre-release build:
$ make SGX_MODE=HW SGX_PRERELEASE=1
c. Hardware Mode, Release build:
$ make SGX_MODE=HW
d. Simulation Mode, Debug build:
$ make SGX_DEBUG=1
e. Simulation Mode, Pre-release build:
$ make SGX_PRERELEASE=1
f. Simulation Mode, Release build:
$ make
3. Execute the binary directly:
$ ./app

219
SampleCode/RemoteAttestation/.cproject Normal file
View File

@ -0,0 +1,219 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="SGX Debug Sim Mode" parent="com.intel.sgx.configuration.Sim.Debug">
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.292452237" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.1618485184" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1039454044" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.1591862020" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
<tool id="com.intel.sgx.compiler.1853780321" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1427419865" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.1817588305" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="SGX Debug HW Mode" parent="com.intel.sgx.configuration.HW.Debug">
<folderInfo id="com.intel.sgx.configuration.HW.Debug.971320034" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Debug.1761600540" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.131147161" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.1502087524" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
<tool id="com.intel.sgx.compiler.1085280084" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.57165741" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.79844751" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="SGX Release Sim Mode" parent="com.intel.sgx.configuration.Sim.Release">
<folderInfo id="com.intel.sgx.configuration.Sim.Release.151408355" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Release.1055083183" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.471419902" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1151273037" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
<tool id="com.intel.sgx.compiler.1302347316" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1645761127" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.640775034" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="SGX Pre-release Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="SGX Pre-release Release HW Mode" parent="com.intel.sgx.configuration.HW.Prerelease">
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.1418650208" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.1668578385" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Prerelease">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.977258758" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.1888300852" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
<tool id="com.intel.sgx.compiler.2113538546" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.904888562" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.283498732" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="SGX Release HW Mode" parent="com.intel.sgx.configuration.HW.Release">
<folderInfo id="com.intel.sgx.configuration.HW.Release.1657582763" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Release.465410401" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.828352216" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.714105790" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
<tool id="com.intel.sgx.compiler.595797282" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1385078253" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.463677873" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="SimpleEnclave.null.1312290154" name="SimpleEnclave"/>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="refreshScope" versionNumber="2">
<configuration configurationName="SGX Debug HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Debug Sim Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Debug">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Release">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Release HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.680828348;cdt.managedbuild.config.gnu.exe.release.680828348.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2137539087;cdt.managedbuild.tool.gnu.c.compiler.input.762444756">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.SGXtoolChain.977521771;com.intel.sgx.SGXtoolChain.977521771.100429378;com.intel.sgx.compiler.787445976;com.intel.sgx.inputType.1814458059">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.151408355;com.intel.sgx.compiler.1302347316;com.intel.sgx.inputType.640775034">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1377487595;cdt.managedbuild.config.gnu.exe.debug.1377487595.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1972419354;cdt.managedbuild.tool.gnu.c.compiler.input.1480710981">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1657582763;com.intel.sgx.compiler.595797282;com.intel.sgx.inputType.463677873">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.292452237;com.intel.sgx.compiler.1853780321;com.intel.sgx.inputType.1817588305">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.971320034;com.intel.sgx.compiler.1085280084;com.intel.sgx.inputType.79844751">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.1418650208;com.intel.sgx.compiler.2113538546;com.intel.sgx.inputType.283498732">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
</cproject>

28
SampleCode/RemoteAttestation/.project Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>SimpleEnclave</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>com.intel.sgx.sgxnature</nature>
</natures>
</projectDescription>

230
SampleCode/RemoteAttestation/Makefile Normal file
View File

@ -0,0 +1,230 @@
#
# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= SIM
SGX_ARCH ?= x64
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := isv_app/isv_app.cpp
App_Include_Paths := -Iservice_provider -I$(SGX_SDK)/include
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Cpp_Flags := $(App_C_Flags) -std=c++11
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lsgx_ukey_exchange -lpthread -lservice_provider -Wl,-rpath=$(CURDIR)/sample_libcrypto -Wl,-rpath=$(CURDIR)
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Service Provider Settings ########
ServiceProvider_Cpp_Files := service_provider/ecp.cpp service_provider/network_ra.cpp service_provider/service_provider.cpp service_provider/ias_ra.cpp
ServiceProvider_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -Isample_libcrypto
ServiceProvider_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -I$(SGX_SDK)/include -Isample_libcrypto
ServiceProvider_Cpp_Flags := $(ServiceProvider_C_Flags) -std=c++11
ServiceProvider_Link_Flags := -shared $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -lsample_libcrypto -Lsample_libcrypto
ServiceProvider_Cpp_Objects := $(ServiceProvider_Cpp_Files:.cpp=.o)
######## Enclave Settings ########
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files := isv_enclave/isv_enclave.cpp
Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -lsgx_tkey_exchange -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0 \
-Wl,--version-script=isv_enclave/isv_enclave.lds
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
Enclave_Name := isv_enclave.so
Signed_Enclave_Name := isv_enclave.signed.so
Enclave_Config_File := isv_enclave/isv_enclave.config.xml
ifeq ($(SGX_MODE), HW)
ifneq ($(SGX_DEBUG), 1)
ifneq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_RELEASE
endif
endif
endif
.PHONY: all run
ifeq ($(Build_Mode), HW_RELEASE)
all: libservice_provider.so $(App_Name) $(Enclave_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclave use the command:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
@echo "You can also sign the enclave using an external signing tool. See User's Guide for more details."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: libservice_provider.so $(App_Name) $(Signed_Enclave_Name)
endif
run: all
ifneq ($(Build_Mode), HW_RELEASE)
@$(CURDIR)/$(App_Name)
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif
######## App Objects ########
isv_app/isv_enclave_u.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
@cd isv_app && $(SGX_EDGER8R) --untrusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
isv_app/isv_enclave_u.o: isv_app/isv_enclave_u.c
@$(CC) $(App_C_Flags) -c $< -o $@
@echo "CC <= $<"
isv_app/%.o: isv_app/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): isv_app/isv_enclave_u.o $(App_Cpp_Objects)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Service Provider Objects ########
service_provider/%.o: service_provider/%.cpp
@$(CXX) $(ServiceProvider_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
libservice_provider.so: $(ServiceProvider_Cpp_Objects)
@$(CXX) $^ -o $@ $(ServiceProvider_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
isv_enclave/isv_enclave_t.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl
@cd isv_enclave && $(SGX_EDGER8R) --trusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
isv_enclave/isv_enclave_t.o: isv_enclave/isv_enclave_t.c
@$(CC) $(Enclave_C_Flags) -c $< -o $@
@echo "CC <= $<"
isv_enclave/%.o: isv_enclave/%.cpp
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(Enclave_Name): isv_enclave/isv_enclave_t.o $(Enclave_Cpp_Objects)
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Signed_Enclave_Name): $(Enclave_Name)
@$(SGX_ENCLAVE_SIGNER) sign -key isv_enclave/isv_enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
@echo "SIGN => $@"
.PHONY: clean
clean:
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects)

27
SampleCode/RemoteAttestation/README.txt Normal file
View File

@ -0,0 +1,27 @@
----------------------------
Purpose of RemoteAttestation
----------------------------
The project demonstrates:
- How an application enclave can attest to a remote party
- How an application enclave and the remote party can establish a secure session
------------------------------------
How to Build/Execute the Sample Code
------------------------------------
1. Install Intel(R) SGX SDK for Linux* OS
2. Build the project with the prepared Makefile:
a. Hardware Mode, Debug build:
$ make SGX_MODE=HW SGX_DEBUG=1
b. Hardware Mode, Pre-release build:
$ make SGX_MODE=HW SGX_PRERELEASE=1
c. Hardware Mode, Release build:
$ make SGX_MODE=HW
d. Simulation Mode, Debug build:
$ make SGX_DEBUG=1
e. Simulation Mode, Pre-release build:
$ make SGX_PRERELEASE=1
f. Simulation Mode, Release build:
$ make
3. Execute the binary directly:
$ ./app

644
SampleCode/RemoteAttestation/isv_app/isv_app.cpp Normal file
View File

@ -0,0 +1,644 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdio.h>
#include <limits.h>
// Needed for definition of remote attestation messages.
#include "remote_attestation_result.h"
#include "isv_enclave_u.h"
// Needed to call untrusted key exchange library APIs, i.e. sgx_ra_proc_msg2.
#include "sgx_ukey_exchange.h"
// Needed to get service provider's information, in your real project, you will
// need to talk to real server.
#include "network_ra.h"
// Needed to create enclave and do ecall.
#include "sgx_urts.h"
#include "service_provider.h"
#ifndef SAFE_FREE
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr) = NULL;}}
#endif
// In addition to generating and sending messages, this application
// can use pre-generated messages to verify the generation of
// messages and the information flow.
#include "sample_messages.h"
#define ENCLAVE_PATH "isv_enclave.signed.so"
uint8_t* msg1_samples[] = { msg1_sample1, msg1_sample2 };
uint8_t* msg2_samples[] = { msg2_sample1, msg2_sample2 };
uint8_t* msg3_samples[MSG3_BODY_SIZE] = { msg3_sample1, msg3_sample2 };
uint8_t* attestation_msg_samples[] =
{ attestation_msg_sample1, attestation_msg_sample2};
// Some utility functions to output some of the data structures passed between
// the ISV app and the remote attestation service provider.
void PRINT_BYTE_ARRAY(
FILE *file, void *mem, uint32_t len)
{
if(!mem || !len)
{
fprintf(file, "\n( null )\n");
return;
}
uint8_t *array = (uint8_t *)mem;
fprintf(file, "%u bytes:\n{\n", len);
uint32_t i = 0;
for(i = 0; i < len - 1; i++)
{
fprintf(file, "0x%x, ", array[i]);
if(i % 8 == 7) fprintf(file, "\n");
}
fprintf(file, "0x%x ", array[i]);
fprintf(file, "\n}\n");
}
void PRINT_ATTESTATION_SERVICE_RESPONSE(
FILE *file,
ra_samp_response_header_t *response)
{
if(!response)
{
fprintf(file, "\t\n( null )\n");
return;
}
fprintf(file, "RESPONSE TYPE: 0x%x\n", response->type);
fprintf(file, "RESPONSE STATUS: 0x%x 0x%x\n", response->status[0],
response->status[1]);
fprintf(file, "RESPONSE BODY SIZE: %u\n", response->size);
if(response->type == TYPE_RA_MSG2)
{
sgx_ra_msg2_t* p_msg2_body = (sgx_ra_msg2_t*)(response->body);
fprintf(file, "MSG2 gb - ");
PRINT_BYTE_ARRAY(file, &(p_msg2_body->g_b), sizeof(p_msg2_body->g_b));
fprintf(file, "MSG2 spid - ");
PRINT_BYTE_ARRAY(file, &(p_msg2_body->spid), sizeof(p_msg2_body->spid));
fprintf(file, "MSG2 sign_gb_ga - ");
PRINT_BYTE_ARRAY(file, &(p_msg2_body->sign_gb_ga),
sizeof(p_msg2_body->sign_gb_ga));
fprintf(file, "MSG2 mac - ");
PRINT_BYTE_ARRAY(file, &(p_msg2_body->mac), sizeof(p_msg2_body->mac));
fprintf(file, "MSG2 sig_rl - ");
PRINT_BYTE_ARRAY(file, &(p_msg2_body->sig_rl),
p_msg2_body->sig_rl_size);
}
else if(response->type == TYPE_RA_ATT_RESULT)
{
sample_ra_att_result_msg_t *p_att_result =
(sample_ra_att_result_msg_t *)(response->body);
fprintf(file, "ATTESTATION RESULT MSG platform_info_blob - ");
PRINT_BYTE_ARRAY(file, &(p_att_result->platform_info_blob),
sizeof(p_att_result->platform_info_blob));
fprintf(file, "ATTESTATION RESULT MSG mac - ");
PRINT_BYTE_ARRAY(file, &(p_att_result->mac), sizeof(p_att_result->mac));
fprintf(file, "ATTESTATION RESULT MSG secret.payload_tag - %u bytes\n",
p_att_result->secret.payload_size);
fprintf(file, "ATTESTATION RESULT MSG secret.payload - ");
PRINT_BYTE_ARRAY(file, p_att_result->secret.payload,
p_att_result->secret.payload_size);
}
else
{
fprintf(file, "\nERROR in printing out the response. "
"Response of type not supported %d\n", response->type);
}
}
// This sample code doesn't have any recovery/retry mechanisms for the remote
// attestation. Since the enclave can be lost due S3 transitions, apps
// susceptible to S3 transtions should have logic to restart attestation in
// these scenenarios.
#define _T(x) x
int main(int argc, char* argv[])
{
int ret = 0;
ra_samp_request_header_t *p_msg1_full = NULL;
ra_samp_response_header_t *p_msg2_full = NULL;
sgx_ra_msg3_t *p_msg3 = NULL;
ra_samp_response_header_t* p_att_result_msg_full = NULL;
sgx_enclave_id_t enclave_id = 0;
int enclave_lost_retry_time = 1;
int busy_retry_time = 2;
sgx_ra_context_t context = INT_MAX;
sgx_status_t status = SGX_SUCCESS;
ra_samp_request_header_t* p_msg3_full = NULL;
int32_t verify_index = -1;
int32_t verification_samples = sizeof(msg1_samples)/sizeof(msg1_samples[0]);
FILE* OUTPUT = stdout;
#define VERIFICATION_INDEX_IS_VALID() (verify_index > 0 && \
verify_index <= verification_samples)
#define GET_VERIFICATION_ARRAY_INDEX() (verify_index-1)
if(argc > 1)
{
verify_index = atoi(argv[1]);
if( VERIFICATION_INDEX_IS_VALID())
{
fprintf(OUTPUT, "\nVerifying precomputed attestation messages "
"using precomputed values# %d\n", verify_index);
}
else
{
fprintf(OUTPUT, "\nValid invocations are:\n");
fprintf(OUTPUT, "\n\tisv_app\n");
fprintf(OUTPUT, "\n\tisv_app <verification index>\n");
fprintf(OUTPUT, "\nValid indices are [1 - %d]\n",
verification_samples);
fprintf(OUTPUT, "\nUsing a verification index uses precomputed "
"messages to assist debugging the remote attestation "
"service provider.\n");
return -1;
}
}
// Remote attestaton will be initiated the ISV server challenges the ISV
// app or if the ISV app detects it doesn't have the credentials
// (shared secret) from a previous attestation required for secure
// communication with the server.
{
// ISV application creates the ISV enclave.
int launch_token_update = 0;
sgx_launch_token_t launch_token = {0};
memset(&launch_token, 0, sizeof(sgx_launch_token_t));
do
{
ret = sgx_create_enclave(_T(ENCLAVE_PATH),
SGX_DEBUG_FLAG,
&launch_token,
&launch_token_update,
&enclave_id, NULL);
if(SGX_SUCCESS != ret)
{
ret = -1;
fprintf(OUTPUT, "\nError, call sgx_create_enclave fail [%s].",
__FUNCTION__);
return ret;
}
fprintf(OUTPUT, "\nCall sgx_create_enclave success.");
ret = enclave_init_ra(enclave_id,
&status,
false,
&context);
//Ideally, this check would be around the full attestation flow.
} while (SGX_ERROR_ENCLAVE_LOST == ret && enclave_lost_retry_time--);
if(SGX_SUCCESS != ret || status)
{
ret = -1;
fprintf(OUTPUT, "\nError, call enclave_init_ra fail [%s].",
__FUNCTION__);
goto CLEANUP;
}
fprintf(OUTPUT, "\nCall enclave_init_ra success.");
// isv application call uke sgx_ra_get_msg1
p_msg1_full = (ra_samp_request_header_t*)
malloc(sizeof(ra_samp_request_header_t)
+ sizeof(sgx_ra_msg1_t));
if(NULL == p_msg1_full)
{
ret = -1;
goto CLEANUP;
}
p_msg1_full->type = TYPE_RA_MSG1;
p_msg1_full->size = sizeof(sgx_ra_msg1_t);
do
{
ret = sgx_ra_get_msg1(context, enclave_id, sgx_ra_get_ga,
(sgx_ra_msg1_t*)((uint8_t*)p_msg1_full
+ sizeof(ra_samp_request_header_t)));
} while (SGX_ERROR_BUSY == ret && busy_retry_time--);
if(SGX_SUCCESS != ret)
{
ret = -1;
fprintf(OUTPUT, "\nError, call sgx_ra_get_msg1 fail [%s].",
__FUNCTION__);
goto CLEANUP;
}
else
{
fprintf(OUTPUT, "\nCall sgx_ra_get_msg1 success.\n");
fprintf(OUTPUT, "\nMSG1 body generated -\n");
PRINT_BYTE_ARRAY(OUTPUT, p_msg1_full->body, p_msg1_full->size);
}
if(VERIFICATION_INDEX_IS_VALID())
{
memcpy_s(p_msg1_full->body, p_msg1_full->size,
msg1_samples[GET_VERIFICATION_ARRAY_INDEX()],
p_msg1_full->size);
fprintf(OUTPUT, "\nInstead of using the recently generated MSG1, "
"we will use the following precomputed MSG1 -\n");
PRINT_BYTE_ARRAY(OUTPUT, p_msg1_full->body, p_msg1_full->size);
}
// The ISV application sends msg1 to the SP to get msg2,
// msg2 needs to be freed when no longer needed.
// The ISV decides whether to use linkable or unlinkable signatures.
fprintf(OUTPUT, "\nSending msg1 to remote attestation service provider."
"Expecting msg2 back.\n");
ret = ra_network_send_receive("http://SampleServiceProvider.intel.com/",
p_msg1_full,
&p_msg2_full);
if(ret != 0 || !p_msg2_full)
{
fprintf(OUTPUT, "\nError, ra_network_send_receive for msg1 failed "
"[%s].", __FUNCTION__);
if(VERIFICATION_INDEX_IS_VALID())
{
fprintf(OUTPUT, "\nBecause we are in verification mode we will "
"ignore this error.\n");
fprintf(OUTPUT, "\nInstead, we will pretend we received the "
"following MSG2 - \n");
SAFE_FREE(p_msg2_full);
ra_samp_response_header_t* precomputed_msg2 =
(ra_samp_response_header_t*)msg2_samples[
GET_VERIFICATION_ARRAY_INDEX()];
const size_t msg2_full_size = sizeof(ra_samp_response_header_t)
+ precomputed_msg2->size;
p_msg2_full =
(ra_samp_response_header_t*)malloc(msg2_full_size);
if(NULL == p_msg2_full)
{
ret = -1;
goto CLEANUP;
}
memcpy_s(p_msg2_full, msg2_full_size, precomputed_msg2,
msg2_full_size);
PRINT_BYTE_ARRAY(OUTPUT, p_msg2_full,
sizeof(ra_samp_response_header_t)
+ p_msg2_full->size);
}
else
{
goto CLEANUP;
}
}
else
{
// Successfully sent msg1 and received a msg2 back.
// Time now to check msg2.
if(TYPE_RA_MSG2 != p_msg2_full->type)
{
fprintf(OUTPUT, "\nError, didn't get MSG2 in response to MSG1. "
"[%s].", __FUNCTION__);
if(VERIFICATION_INDEX_IS_VALID())
{
fprintf(OUTPUT, "\nBecause we are in verification mode we "
"will ignore this error.");
}
else
{
goto CLEANUP;
}
}
fprintf(OUTPUT, "\nSent MSG1 to remote attestation service "
"provider. Received the following MSG2:\n");
PRINT_BYTE_ARRAY(OUTPUT, p_msg2_full,
sizeof(ra_samp_response_header_t)
+ p_msg2_full->size);
fprintf(OUTPUT, "\nA more descriptive representation of MSG2:\n");
PRINT_ATTESTATION_SERVICE_RESPONSE(OUTPUT, p_msg2_full);
if( VERIFICATION_INDEX_IS_VALID() )
{
// The response should match the precomputed MSG2:
ra_samp_response_header_t* precomputed_msg2 =
(ra_samp_response_header_t *)
msg2_samples[GET_VERIFICATION_ARRAY_INDEX()];
if(memcmp( precomputed_msg2, p_msg2_full,
sizeof(ra_samp_response_header_t) + p_msg2_full->size))
{
fprintf(OUTPUT, "\nVerification ERROR. Our precomputed "
"value for MSG2 does NOT match.\n");
fprintf(OUTPUT, "\nPrecomputed value for MSG2:\n");
PRINT_BYTE_ARRAY(OUTPUT, precomputed_msg2,
sizeof(ra_samp_response_header_t)
+ precomputed_msg2->size);
fprintf(OUTPUT, "\nA more descriptive representation "
"of precomputed value for MSG2:\n");
PRINT_ATTESTATION_SERVICE_RESPONSE(OUTPUT,
precomputed_msg2);
}
else
{
fprintf(OUTPUT, "\nVerification COMPLETE. Remote "
"attestation service provider generated a "
"matching MSG2.\n");
}
}
}
sgx_ra_msg2_t* p_msg2_body = (sgx_ra_msg2_t*)((uint8_t*)p_msg2_full
+ sizeof(ra_samp_response_header_t));
uint32_t msg3_size = 0;
if( VERIFICATION_INDEX_IS_VALID())
{
// We cannot generate a valid MSG3 using the precomputed messages
// we have been using. We will use the precomputed msg3 instead.
msg3_size = MSG3_BODY_SIZE;
p_msg3 = (sgx_ra_msg3_t*)malloc(msg3_size);
if(NULL == p_msg3)
{
ret = -1;
goto CLEANUP;
}
memcpy_s(p_msg3, msg3_size,
msg3_samples[GET_VERIFICATION_ARRAY_INDEX()], msg3_size);
fprintf(OUTPUT, "\nBecause MSG1 was a precomputed value, the MSG3 "
"we use will also be. PRECOMPUTED MSG3 - \n");
}
else
{
busy_retry_time = 2;
// The ISV app now calls uKE sgx_ra_proc_msg2,
// The ISV app is responsible for freeing the returned p_msg3!!
do
{
ret = sgx_ra_proc_msg2(context,
enclave_id,
sgx_ra_proc_msg2_trusted,
sgx_ra_get_msg3_trusted,
p_msg2_body,
p_msg2_full->size,
&p_msg3,
&msg3_size);
} while (SGX_ERROR_BUSY == ret && busy_retry_time--);
if(!p_msg3)
{
fprintf(OUTPUT, "\nError, call sgx_ra_proc_msg2 fail. "
"p_msg3 = 0x%p [%s].", p_msg3, __FUNCTION__);
ret = -1;
goto CLEANUP;
}
if(SGX_SUCCESS != (sgx_status_t)ret)
{
fprintf(OUTPUT, "\nError, call sgx_ra_proc_msg2 fail. "
"ret = 0x%08x [%s].", ret, __FUNCTION__);
ret = -1;
goto CLEANUP;
}
else
{
fprintf(OUTPUT, "\nCall sgx_ra_proc_msg2 success.\n");
fprintf(OUTPUT, "\nMSG3 - \n");
}
}
PRINT_BYTE_ARRAY(OUTPUT, p_msg3, msg3_size);
p_msg3_full = (ra_samp_request_header_t*)malloc(
sizeof(ra_samp_request_header_t) + msg3_size);
if(NULL == p_msg3_full)
{
ret = -1;
goto CLEANUP;
}
p_msg3_full->type = TYPE_RA_MSG3;
p_msg3_full->size = msg3_size;
if(memcpy_s(p_msg3_full->body, msg3_size, p_msg3, msg3_size))
{
fprintf(OUTPUT,"\nError: INTERNAL ERROR - memcpy failed in [%s].",
__FUNCTION__);
ret = -1;
goto CLEANUP;
}
// The ISV application sends msg3 to the SP to get the attestation
// result message, attestation result message needs to be freed when
// no longer needed. The ISV service provider decides whether to use
// linkable or unlinkable signatures. The format of the attestation
// result is up to the service provider. This format is used for
// demonstration. Note that the attestation result message makes use
// of both the MK for the MAC and the SK for the secret. These keys are
// established from the SIGMA secure channel binding.
ret = ra_network_send_receive("http://SampleServiceProvider.intel.com/",
p_msg3_full,
&p_att_result_msg_full);
if(ret || !p_att_result_msg_full)
{
ret = -1;
fprintf(OUTPUT, "\nError, sending msg3 failed [%s].", __FUNCTION__);
goto CLEANUP;
}
sample_ra_att_result_msg_t * p_att_result_msg_body =
(sample_ra_att_result_msg_t *)((uint8_t*)p_att_result_msg_full
+ sizeof(ra_samp_response_header_t));
if(TYPE_RA_ATT_RESULT != p_att_result_msg_full->type)
{
ret = -1;
fprintf(OUTPUT, "\nError. Sent MSG3 successfully, but the message "
"received was NOT of type att_msg_result. Type = "
"%d. [%s].", p_att_result_msg_full->type,
__FUNCTION__);
goto CLEANUP;
}
else
{
fprintf(OUTPUT, "\nSent MSG3 successfully. Received an attestation "
"result message back\n.");
if( VERIFICATION_INDEX_IS_VALID() )
{
if(memcmp(p_att_result_msg_full->body,
attestation_msg_samples[GET_VERIFICATION_ARRAY_INDEX()],
p_att_result_msg_full->size) )
{
fprintf(OUTPUT, "\nSent MSG3 successfully. Received an "
"attestation result message back that did "
"NOT match the expected value.\n");
fprintf(OUTPUT, "\nEXPECTED ATTESTATION RESULT -");
PRINT_BYTE_ARRAY(OUTPUT,
attestation_msg_samples[GET_VERIFICATION_ARRAY_INDEX()],
p_att_result_msg_full->size);
}
}
}
fprintf(OUTPUT, "\nATTESTATION RESULT RECEIVED - ");
PRINT_BYTE_ARRAY(OUTPUT, p_att_result_msg_full->body,
p_att_result_msg_full->size);
if( VERIFICATION_INDEX_IS_VALID() )
{
fprintf(OUTPUT, "\nBecause we used precomputed values for the "
"messages, the attestation result message will "
"not pass further verification tests, so we will "
"skip them.\n");
goto CLEANUP;
}
// Check the MAC using MK on the attestation result message.
// The format of the attestation result message is ISV specific.
// This is a simple form for demonstration. In a real product,
// the ISV may want to communicate more information.
ret = verify_att_result_mac(enclave_id,
&status,
context,
(uint8_t*)&p_att_result_msg_body->platform_info_blob,
sizeof(ias_platform_info_blob_t),
(uint8_t*)&p_att_result_msg_body->mac,
sizeof(sgx_mac_t));
if((SGX_SUCCESS != ret) ||
(SGX_SUCCESS != status))
{
ret = -1;
fprintf(OUTPUT, "\nError: INTEGRITY FAILED - attestation result "
"message MK based cmac failed in [%s].",
__FUNCTION__);
goto CLEANUP;
}
bool attestation_passed = true;
// Check the attestation result for pass or fail.
// @TODO: Check the status. This is ISV defined.
if(0 != p_att_result_msg_full->status[0]
|| 0 != p_att_result_msg_full->status[1])
{
fprintf(OUTPUT, "\nError, attestation result message MK based cmac "
"failed in [%s].", __FUNCTION__);
attestation_passed = false;
}
// the SGX blob analysis API. The ISV will take action based on the
// update_info. (upgrade PSW or uCode), the second param should be 1 if
// the attestation failed, otherwise should be 0.
// sgx_update_info_bit_t update_info;
// ret = sgx_report_attestation_status(
// &p_att_result_msg_body->platform_info_blob,
// attestation_passed ? 0 : 1, &update_info);
// Get the shared secret sent by the server using SK (if attestation
// passed)
if(attestation_passed)
{
ret = put_secret_data(enclave_id,
&status,
context,
p_att_result_msg_body->secret.payload,
p_att_result_msg_body->secret.payload_size,
p_att_result_msg_body->secret.payload_tag);
if((SGX_SUCCESS != ret) || (SGX_SUCCESS != status))
{
fprintf(OUTPUT, "\nError, attestation result message secret "
"using SK based AESGCM failed in [%s]. ret = "
"0x%0x. status = 0x%0x", __FUNCTION__, ret,
status);
goto CLEANUP;
}
}
fprintf(OUTPUT, "\nSecret successfully received from server.");
fprintf(OUTPUT, "\nRemote attestation success!");
}
CLEANUP:
// Clean-up
// Need to close the RA key state.
if(INT_MAX != context)
{
int ret_save = ret;
ret = enclave_ra_close(enclave_id, &status, context);
if(SGX_SUCCESS != ret || status)
{
ret = -1;
fprintf(OUTPUT, "\nError, call enclave_ra_close fail [%s].",
__FUNCTION__);
}
else
{
// enclave_ra_close was successful, let's restore the value that
// led us to this point in the code.
ret = ret_save;
}
fprintf(OUTPUT, "\nCall enclave_ra_close success.");
}
sgx_destroy_enclave(enclave_id);
ra_free_network_response_buffer(p_msg2_full);
ra_free_network_response_buffer(p_att_result_msg_full);
// p_msg3 is malloc'd by the untrused KE library. App needs to free.
SAFE_FREE(p_msg3);
SAFE_FREE(p_msg3_full);
SAFE_FREE(p_msg1_full);
printf("\nEnter a character before exit ...\n");
getchar();
return ret;
}

537
SampleCode/RemoteAttestation/isv_app/sample_messages.h Normal file
View File

@ -0,0 +1,537 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
//This file contains samples of messages sent between the sample ISV application
//and the sample service provider. It is intended to be used so that authors
//of other service providers can verify that the messages generated by their
//remote attestation service matches.
#include <stdint.h>
uint8_t msg1_sample1[] =
{
0xe8, 0xcf, 0xf, 0x97, 0x8a, 0xf4, 0x24, 0x8a,
0xf5, 0x5b, 0x56, 0xf0, 0xac, 0x7f, 0x78, 0x39,
0x71, 0x10, 0xb8, 0xdc, 0x88, 0xd, 0x50, 0xf0,
0x39, 0x85, 0x37, 0xfe, 0xad, 0x1f, 0xc7, 0x59,
0xc7, 0x23, 0x81, 0xfd, 0x4a, 0x2, 0x48, 0xdf,
0xd3, 0x74, 0xda, 0x45, 0x48, 0x62, 0xc8, 0xb6,
0x73, 0x43, 0x26, 0x42, 0x8f, 0x1f, 0x89, 0x17,
0xe7, 0xa9, 0x2a, 0xf5, 0x27, 0xb3, 0xcc, 0x4d,
0x3, 0x1, 0x0, 0x0
};
uint8_t msg1_sample2[] =
{
0xa8, 0x56, 0x72, 0xc1, 0x14, 0x41, 0xa, 0x2f,
0xdc, 0xb0, 0xa8, 0xa1, 0x3a, 0x51, 0x40, 0xf9,
0x12, 0x9f, 0x11, 0x86, 0xe9, 0x1a, 0xf1, 0x16,
0xbc, 0xd4, 0x6, 0x2f, 0x47, 0x2c, 0xc3, 0x37,
0x8e, 0x65, 0x7, 0x29, 0x85, 0xb0, 0x8, 0x61,
0x6b, 0x6d, 0xc7, 0x22, 0x7d, 0x22, 0x61, 0x7f,
0x40, 0x43, 0x40, 0x5a, 0x7a, 0xf4, 0x94, 0x0,
0x60, 0x36, 0xf6, 0xa4, 0x22, 0x22, 0x41, 0x82,
0x3, 0x1, 0x0, 0x0
};
uint8_t msg2_sample1[] =
{
0x2, 0x0, 0x0, 0xa8, 0x0, 0x0, 0x0, 0x0,
0x6a, 0x83, 0xdc, 0x84, 0xd4, 0x4c, 0x8a, 0xbb,
0x5e, 0x42, 0xaf, 0xee, 0x8d, 0xe9, 0xf4, 0x57,
0x71, 0xfd, 0x73, 0x66, 0xd7, 0xfa, 0xad, 0xfa,
0xf2, 0x17, 0x14, 0xdd, 0x5a, 0xb9, 0x9e, 0x97,
0x79, 0xa7, 0x38, 0x72, 0xf2, 0xb8, 0xd6, 0xbe,
0x18, 0x91, 0x7f, 0xf7, 0xb5, 0xd3, 0xe5, 0x64,
0x9b, 0x12, 0x18, 0xaf, 0x39, 0x29, 0x6c, 0x24,
0x19, 0x38, 0x29, 0xb, 0xc6, 0xac, 0xc, 0x62,
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20,
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x1, 0x0, 0x1, 0x0, 0x6a, 0x83, 0xdc, 0x84,
0xd4, 0x4c, 0x8a, 0xbb, 0x5e, 0x42, 0xaf, 0xee,
0x8d, 0xe9, 0xf4, 0x57, 0x71, 0xfd, 0x73, 0x66,
0xd7, 0xfa, 0xad, 0xfa, 0xf2, 0x17, 0x14, 0xdd,
0x5a, 0xb9, 0x9e, 0x97, 0x6, 0x10, 0x58, 0x61,
0xa5, 0xbf, 0x7d, 0x2e, 0xab, 0xcc, 0x1a, 0x3e,
0x4f, 0x44, 0x15, 0xe7, 0x91, 0xca, 0x64, 0x2b,
0x42, 0xb7, 0x53, 0xd9, 0x71, 0x37, 0xf1, 0x9b,
0x31, 0xb5, 0xa5, 0x6b, 0xf8, 0xfa, 0x64, 0xfe,
0x7a, 0x9e, 0xdc, 0xf4, 0xf0, 0x59, 0xbd, 0x78,
0x27, 0xc2, 0x55, 0xb9, 0x0, 0x0, 0x0, 0x0
};
uint8_t msg2_sample2[] =
{
0x2, 0x0, 0x0, 0xa8, 0x0, 0x0, 0x0, 0x0,
0x6a, 0x83, 0xdc, 0x84, 0xd4, 0x4c, 0x8a, 0xbb,
0x5e, 0x42, 0xaf, 0xee, 0x8d, 0xe9, 0xf4, 0x57,
0x71, 0xfd, 0x73, 0x66, 0xd7, 0xfa, 0xad, 0xfa,
0xf2, 0x17, 0x14, 0xdd, 0x5a, 0xb9, 0x9e, 0x97,
0x79, 0xa7, 0x38, 0x72, 0xf2, 0xb8, 0xd6, 0xbe,
0x18, 0x91, 0x7f, 0xf7, 0xb5, 0xd3, 0xe5, 0x64,
0x9b, 0x12, 0x18, 0xaf, 0x39, 0x29, 0x6c, 0x24,
0x19, 0x38, 0x29, 0xb, 0xc6, 0xac, 0xc, 0x62,
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20,
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x1, 0x0, 0x1, 0x0, 0x6a, 0x83, 0xdc, 0x84,
0xd4, 0x4c, 0x8a, 0xbb, 0x5e, 0x42, 0xaf, 0xee,
0x8d, 0xe9, 0xf4, 0x57, 0x71, 0xfd, 0x73, 0x66,
0xd7, 0xfa, 0xad, 0xfa, 0xf2, 0x17, 0x14, 0xdd,
0x5a, 0xb9, 0x9e, 0x97, 0x75, 0x39, 0x23, 0x1b,
0xc2, 0x5a, 0xd4, 0xfa, 0x41, 0xe9, 0xd4, 0x42,
0x72, 0x8a, 0x75, 0x4b, 0x48, 0x5a, 0xfb, 0xc0,
0x90, 0x42, 0xef, 0x9c, 0xed, 0xcb, 0xc1, 0x45,
0x2d, 0xfe, 0x86, 0xbc, 0xee, 0x3, 0xa8, 0x97,
0x68, 0xf0, 0xb4, 0xf, 0xa, 0x5b, 0x5f, 0xc1,
0xe4, 0xf9, 0xa9, 0xa6, 0x0, 0x0, 0x0, 0x0
};
#define MSG3_BODY_SIZE 1452
uint8_t msg3_sample1[MSG3_BODY_SIZE] =
{
0x57, 0x19, 0x8, 0xa1, 0x3b, 0xd0, 0x37, 0xa8,
0x4a, 0x32, 0xf1, 0x31, 0xc1, 0x14, 0xff, 0xdf,
0xe8, 0xcf, 0xf, 0x97, 0x8a, 0xf4, 0x24, 0x8a,
0xf5, 0x5b, 0x56, 0xf0, 0xac, 0x7f, 0x78, 0x39,
0x71, 0x10, 0xb8, 0xdc, 0x88, 0xd, 0x50, 0xf0,
0x39, 0x85, 0x37, 0xfe, 0xad, 0x1f, 0xc7, 0x59,
0xc7, 0x23, 0x81, 0xfd, 0x4a, 0x2, 0x48, 0xdf,
0xd3, 0x74, 0xda, 0x45, 0x48, 0x62, 0xc8, 0xb6,
0x73, 0x43, 0x26, 0x42, 0x8f, 0x1f, 0x89, 0x17,
0xe7, 0xa9, 0x2a, 0xf5, 0x27, 0xb3, 0xcc, 0x4d,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x2, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0,
0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0,
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20,
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x2, 0x2, 0xff, 0xff, 0xff, 0x1, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xe2, 0x55, 0x5d, 0xc6, 0xe6, 0x69, 0x53, 0xc0,
0x8d, 0x52, 0x5b, 0xc0, 0x2a, 0x2c, 0x5c, 0x2f,
0xc, 0x8c, 0xfe, 0x5b, 0x1, 0xae, 0x89, 0xff,
0x2, 0x2f, 0x97, 0xea, 0x9b, 0x45, 0xb6, 0x2e,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x60, 0x27, 0x7a, 0xd2, 0xfd, 0xfc, 0x57, 0xe9,
0x80, 0xe8, 0x76, 0xe7, 0xf8, 0x78, 0xac, 0x19,
0x9, 0x88, 0xe, 0xa5, 0x38, 0x7, 0x95, 0xa7,
0xe8, 0xea, 0x98, 0xb1, 0x57, 0x84, 0x1f, 0x85,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x2a, 0xe, 0x9, 0x4c, 0xe2, 0xd9, 0x44, 0x73,
0x36, 0x42, 0xfa, 0xe0, 0x44, 0x5b, 0x7b, 0x1f,
0xc2, 0x85, 0x16, 0xca, 0xf1, 0xc5, 0xcd, 0xd2,
0xf, 0xe4, 0xdf, 0xf, 0x31, 0xca, 0x36, 0x28,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xa8, 0x2, 0x0, 0x0, 0x68, 0xe3, 0x1d, 0x2,
0xd1, 0x6, 0x2a, 0x16, 0xab, 0x1c, 0xfd, 0x43,
0x5c, 0x1f, 0x34, 0x5, 0x15, 0xc4, 0x84, 0xdd,
0xee, 0x73, 0x79, 0xe7, 0x2e, 0xc8, 0x95, 0x77,
0x6b, 0xca, 0xff, 0xb9, 0xf4, 0xf8, 0x5a, 0x42,
0x9d, 0x32, 0x73, 0x62, 0xab, 0x49, 0x8, 0xa4,
0xc3, 0x5c, 0x5a, 0x66, 0x38, 0x76, 0xcd, 0x58,
0x5b, 0x85, 0xbf, 0xf0, 0x52, 0x12, 0xd2, 0xc8,
0xd, 0xf8, 0x6d, 0x91, 0xb8, 0xcf, 0x3f, 0x1d,
0xe0, 0x1d, 0x63, 0xb2, 0x58, 0xa7, 0xbc, 0x8,
0x97, 0xbb, 0xcc, 0x19, 0x31, 0xdb, 0x47, 0xf3,
0x8e, 0x54, 0x7d, 0x36, 0x6e, 0x6, 0xd3, 0x20,
0xca, 0x5e, 0x8a, 0x5, 0x30, 0x50, 0x56, 0xe9,
0x91, 0x9, 0x35, 0x13, 0x69, 0xd, 0x24, 0x71,
0x55, 0xca, 0xe8, 0xef, 0x4d, 0x1c, 0xe6, 0x1f,
0x51, 0xeb, 0x12, 0x32, 0x97, 0xa2, 0xbb, 0x1e,
0xf2, 0x26, 0xc5, 0xe9, 0x3f, 0xda, 0x79, 0xc3,
0x89, 0x28, 0x9, 0x6c, 0x59, 0x9e, 0x2d, 0x60,
0x5f, 0x35, 0x33, 0x76, 0xfe, 0xf5, 0xba, 0x73,
0xc5, 0xb6, 0x44, 0x9d, 0xb9, 0x3a, 0x90, 0x8,
0x5e, 0xba, 0x33, 0x3d, 0xe5, 0xff, 0xc0, 0x5b,
0xbb, 0x7b, 0xbc, 0x39, 0x52, 0x6f, 0x54, 0x8b,
0xb5, 0x44, 0xf7, 0x75, 0xc5, 0x28, 0xa7, 0x51,
0xd, 0x69, 0x2b, 0x3a, 0xfd, 0xc0, 0x7c, 0x6f,
0xf, 0xcf, 0x76, 0x32, 0xea, 0x38, 0xd2, 0x8d,
0xbe, 0x9c, 0xef, 0x3b, 0x56, 0xdc, 0x8e, 0x29,
0x40, 0x87, 0x4, 0xe6, 0x15, 0xa1, 0x12, 0x9f,
0x21, 0x12, 0xe8, 0xd8, 0x5, 0x26, 0x22, 0x23,
0x12, 0x57, 0xd1, 0xb6, 0x3, 0x59, 0xfa, 0xa6,
0xfe, 0x24, 0xe1, 0x84, 0xfb, 0x63, 0xf3, 0x3d,
0xf1, 0xe2, 0x70, 0x2c, 0x94, 0xf1, 0xa4, 0xdc,
0x70, 0x31, 0xda, 0x9e, 0xb9, 0xf7, 0xc6, 0xba,
0xd3, 0x4e, 0x5c, 0x63, 0xf1, 0x78, 0xcc, 0x38,
0xc2, 0x1a, 0xd6, 0x2, 0x34, 0x23, 0x1a, 0x4b,
0x1, 0x4e, 0xf4, 0xe6, 0xe, 0x6b, 0xfa, 0x27,
0x8d, 0xe3, 0x67, 0x5d, 0xec, 0x79, 0x13, 0x66,
0x46, 0xbb, 0xd0, 0x8e, 0xc8, 0x21, 0x6f, 0x37,
0x5c, 0x5e, 0x5d, 0xed, 0x8e, 0x2d, 0x8d, 0x94,
0x68, 0x1, 0x0, 0x0, 0x84, 0xd5, 0x35, 0x93,
0x3a, 0xb1, 0x19, 0x8e, 0xb6, 0xb0, 0x5f, 0x4f,
0x66, 0x8a, 0xb3, 0xe0, 0x12, 0xbb, 0x7, 0xe0,
0xa3, 0x6b, 0x54, 0xd5, 0xf6, 0xc8, 0x2, 0xdd,
0x33, 0x78, 0x3c, 0x4f, 0xdc, 0xa3, 0x3e, 0x5c,
0x99, 0xb8, 0x2f, 0x3f, 0xdf, 0xf0, 0xf0, 0x63,
0x24, 0x6f, 0xc2, 0x17, 0xeb, 0x45, 0xd5, 0x79,
0xaa, 0xb5, 0x46, 0x4b, 0x77, 0x6d, 0x3d, 0xbf,
0xe8, 0xca, 0xaf, 0x4d, 0xb5, 0x5d, 0xee, 0x9e,
0xf5, 0x73, 0x8d, 0x1, 0xff, 0x84, 0x1e, 0xc9,
0x78, 0x2e, 0xde, 0x3, 0x97, 0x36, 0x1c, 0x47,
0xc, 0x46, 0x5, 0xfc, 0x8b, 0xf5, 0xd5, 0x13,
0xa3, 0x8, 0xd4, 0x29, 0x83, 0xfb, 0x4b, 0x3e,
0xf1, 0x3d, 0xe8, 0x54, 0x28, 0x2f, 0x3d, 0x9c,
0x8b, 0x91, 0xcc, 0xf0, 0x45, 0x40, 0x3, 0xb,
0xaa, 0x41, 0x38, 0x2f, 0xad, 0xc3, 0x1d, 0x61,
0x15, 0x20, 0x9, 0xea, 0xfd, 0xdb, 0xf9, 0x17,
0x84, 0x19, 0xae, 0xf3, 0x4b, 0x4d, 0x8e, 0xa2,
0x3e, 0x9c, 0xb3, 0x70, 0x4d, 0x38, 0x1, 0x5,
0xb7, 0xc, 0xb2, 0xf6, 0x84, 0xbe, 0xbc, 0xd5,
0xd1, 0x8a, 0x22, 0xfc, 0x82, 0xb4, 0x3b, 0x96,
0x8f, 0xc0, 0x49, 0xaa, 0xf0, 0x52, 0x25, 0xda,
0x39, 0xc2, 0x4c, 0xbc, 0xe2, 0x47, 0xe3, 0xc,
0x59, 0xad, 0x40, 0x42, 0x17, 0x30, 0x4d, 0x1c,
0x34, 0xd3, 0xdb, 0xa7, 0xc5, 0x9c, 0xef, 0x83,
0xd, 0xb8, 0x9a, 0xa9, 0x29, 0x1b, 0x11, 0x32,
0x74, 0x53, 0x17, 0x34, 0xd6, 0xa2, 0x14, 0x6,
0x8b, 0xae, 0x8c, 0xb4, 0xcb, 0x20, 0xec, 0xb3,
0x2f, 0xe, 0xf3, 0x8f, 0xc3, 0x84, 0xe3, 0xb8,
0x46, 0x51, 0xea, 0xa6, 0x1c, 0x27, 0x31, 0x1e,
0x69, 0xb, 0xc7, 0x47, 0xad, 0x7d, 0xde, 0x3f,
0x13, 0x2b, 0x5e, 0x2a, 0x24, 0x37, 0x85, 0xa4,
0x8d, 0x45, 0x39, 0xeb, 0x95, 0x47, 0xb8, 0x57,
0x5d, 0x88, 0xeb, 0x56, 0xb0, 0xa8, 0x58, 0xd,
0x9e, 0x1b, 0x80, 0x3a, 0x74, 0x86, 0x3a, 0x58,
0xfc, 0xa6, 0xa, 0xc5, 0x66, 0x5f, 0xc7, 0xa9,
0xd5, 0xc, 0x37, 0xd1, 0x23, 0xff, 0xfd, 0x1d,
0x38, 0x1c, 0x98, 0xd1, 0xa9, 0x24, 0x3b, 0x23,
0xa2, 0x1a, 0xee, 0x8, 0x31, 0x4f, 0xd5, 0xaa,
0x1d, 0x67, 0xe7, 0x77, 0x5c, 0x46, 0xcc, 0xb,
0x18, 0xf6, 0xdd, 0x86, 0xf4, 0xcc, 0xb4, 0xd5,
0xcd, 0xe6, 0xae, 0xb3, 0xf0, 0x24, 0x15, 0x71,
0xb3, 0x65, 0xff, 0xfa, 0xe5, 0x1a, 0x6d, 0xc3,
0x6f, 0x43, 0x73, 0xe0, 0xe8, 0xa9, 0x6f, 0x68,
0xf8, 0x4, 0xf2, 0x73, 0x1, 0x36, 0xeb, 0x83,
0xa5, 0xf2, 0x6e, 0x4e, 0x36, 0xa5, 0x63, 0xab,
0x7d, 0xa1, 0xd2, 0x24, 0x17, 0xb7, 0x3b, 0x96,
0x4b, 0xbe, 0x4c, 0xcb
};
uint8_t msg3_sample2[MSG3_BODY_SIZE] =
{
0x4f, 0x85, 0xd3, 0x93, 0xc, 0x44, 0x9c, 0xdd,
0x3e, 0x81, 0xbd, 0xb6, 0xa2, 0x44, 0x16, 0x5f,
0xa8, 0x56, 0x72, 0xc1, 0x14, 0x41, 0xa, 0x2f,
0xdc, 0xb0, 0xa8, 0xa1, 0x3a, 0x51, 0x40, 0xf9,
0x12, 0x9f, 0x11, 0x86, 0xe9, 0x1a, 0xf1, 0x16,
0xbc, 0xd4, 0x6, 0x2f, 0x47, 0x2c, 0xc3, 0x37,
0x8e, 0x65, 0x7, 0x29, 0x85, 0xb0, 0x8, 0x61,
0x6b, 0x6d, 0xc7, 0x22, 0x7d, 0x22, 0x61, 0x7f,
0x40, 0x43, 0x40, 0x5a, 0x7a, 0xf4, 0x94, 0x0,
0x60, 0x36, 0xf6, 0xa4, 0x22, 0x22, 0x41, 0x82,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x2, 0x0, 0x1, 0x0, 0x3, 0x1, 0x0, 0x0,
0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0,
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x20,
0x58, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x2, 0x2, 0xff, 0xff, 0xff, 0x1, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xe2, 0x55, 0x5d, 0xc6, 0xe6, 0x69, 0x53, 0xc0,
0x8d, 0x52, 0x5b, 0xc0, 0x2a, 0x2c, 0x5c, 0x2f,
0xc, 0x8c, 0xfe, 0x5b, 0x1, 0xae, 0x89, 0xff,
0x2, 0x2f, 0x97, 0xea, 0x9b, 0x45, 0xb6, 0x2e,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x60, 0x27, 0x7a, 0xd2, 0xfd, 0xfc, 0x57, 0xe9,
0x80, 0xe8, 0x76, 0xe7, 0xf8, 0x78, 0xac, 0x19,
0x9, 0x88, 0xe, 0xa5, 0x38, 0x7, 0x95, 0xa7,
0xe8, 0xea, 0x98, 0xb1, 0x57, 0x84, 0x1f, 0x85,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xdd, 0xda, 0x3e, 0x6b, 0x72, 0xa2, 0xd7, 0x31,
0x31, 0x32, 0xbd, 0xf3, 0xf4, 0xc0, 0xe3, 0xaa,
0x16, 0x19, 0x72, 0x47, 0x92, 0xe7, 0x8f, 0xf8,
0x40, 0x2b, 0xa7, 0xc0, 0xb9, 0x77, 0xb1, 0x1c,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0xa8, 0x2, 0x0, 0x0, 0x2e, 0x23, 0x7d, 0xe8,
0x5d, 0xcd, 0x6d, 0x88, 0x6f, 0xad, 0xd3, 0x4c,
0x7e, 0xed, 0xff, 0xa2, 0xea, 0x1c, 0xd5, 0xc8,
0x54, 0xbb, 0x93, 0xc8, 0x1b, 0xbe, 0xbe, 0x51,
0x6b, 0x8d, 0xb7, 0x90, 0x7f, 0x87, 0x9f, 0x9b,
0x66, 0x4f, 0xeb, 0xf4, 0x34, 0xbb, 0x90, 0x5d,
0xc5, 0x20, 0x7b, 0xd2, 0x5a, 0x92, 0x42, 0x80,
0x2f, 0x3f, 0xc2, 0x64, 0x7e, 0x77, 0xa, 0x49,
0xdb, 0xde, 0x77, 0x88, 0xd7, 0xce, 0xdb, 0x2e,
0x44, 0x50, 0x26, 0xd8, 0x7a, 0xe, 0x1c, 0x7f,
0x63, 0x36, 0x62, 0xa8, 0xa7, 0x2e, 0x60, 0x56,
0xf4, 0xbc, 0xb5, 0xca, 0xc3, 0x81, 0x9e, 0x84,
0xb8, 0xc, 0xef, 0x7a, 0x18, 0x4a, 0x5b, 0x3,
0x0, 0xe3, 0x8c, 0x3f, 0x2e, 0xf9, 0x9a, 0xf7,
0x72, 0xe1, 0xa0, 0x5e, 0x6a, 0x4c, 0x68, 0xea,
0x67, 0xfc, 0xe8, 0x21, 0x27, 0x90, 0xae, 0xbf,
0x51, 0xa4, 0xc9, 0xae, 0x3d, 0x3b, 0x5c, 0x53,
0x7e, 0x25, 0xa4, 0x6f, 0x78, 0x99, 0x35, 0x2e,
0x48, 0x50, 0xf9, 0xf0, 0x63, 0x90, 0x19, 0x6a,
0xc, 0x3d, 0x48, 0x2a, 0x5f, 0x6f, 0xb, 0xd7,
0x26, 0x64, 0xb5, 0xe0, 0x60, 0x36, 0x69, 0x40,
0x9c, 0x21, 0x29, 0xe0, 0xca, 0xae, 0xd1, 0x7a,
0x4, 0xb8, 0x8d, 0x96, 0x74, 0xa3, 0x7, 0xa4,
0x41, 0x9e, 0xf7, 0x9, 0xbe, 0x8f, 0xe8, 0x65,
0xd9, 0x26, 0x16, 0xa1, 0xef, 0x1b, 0xf4, 0xb7,
0xd5, 0xfe, 0xd6, 0x7d, 0xa6, 0x6c, 0x50, 0x8c,
0x90, 0x34, 0x1f, 0x17, 0x8c, 0x14, 0x38, 0x6d,
0xd7, 0x83, 0x1a, 0x1e, 0xcf, 0xf5, 0xb, 0xdb,
0x26, 0x8f, 0x23, 0xf9, 0x4f, 0x41, 0x73, 0xac,
0x9d, 0xfa, 0x77, 0x3, 0x6a, 0x32, 0xbb, 0x37,
0x93, 0x47, 0x38, 0x93, 0x39, 0xd2, 0x51, 0x46,
0xaf, 0xfd, 0x71, 0xda, 0x89, 0xc7, 0x44, 0xb0,
0xf3, 0x95, 0x74, 0x3b, 0xbc, 0x7d, 0x86, 0xc1,
0x6e, 0x49, 0xd8, 0x52, 0xc, 0xc1, 0x88, 0x72,
0x5, 0x5c, 0x92, 0x12, 0x22, 0x95, 0xc5, 0x12,
0xf5, 0xfa, 0x11, 0x8d, 0x50, 0x42, 0x33, 0x4,
0x41, 0x17, 0x90, 0xc8, 0xb3, 0x1d, 0x2e, 0xe5,
0x13, 0xf5, 0xd6, 0xb1, 0xc5, 0xd4, 0x6d, 0xe1,
0x68, 0x1, 0x0, 0x0, 0xc4, 0x15, 0xbf, 0x91,
0xf1, 0xad, 0xb1, 0x9f, 0x9b, 0x6b, 0x8d, 0xa2,
0xdf, 0x7d, 0x6, 0xf8, 0xba, 0x73, 0xb7, 0xb,
0x72, 0xcc, 0x34, 0x4d, 0x52, 0x3b, 0x76, 0xfd,
0x8e, 0x3a, 0x67, 0xcc, 0x36, 0xb, 0xa9, 0xc2,
0x90, 0x37, 0x77, 0x75, 0x90, 0xb8, 0x97, 0x44,
0xed, 0xb4, 0x61, 0xe8, 0x11, 0xe9, 0x2, 0x50,
0xde, 0x98, 0x99, 0x3e, 0xf6, 0x5c, 0x71, 0x92,
0x49, 0xcb, 0x0, 0x72, 0xe0, 0x55, 0xa9, 0x6e,
0xc7, 0x2, 0xf4, 0x2b, 0x3c, 0xe3, 0x42, 0x7e,
0x8b, 0xf, 0x26, 0xd9, 0x42, 0x21, 0xd5, 0x74,
0xe3, 0x35, 0xb3, 0xb8, 0xfe, 0x25, 0x1d, 0x47,
0x5b, 0x35, 0x8d, 0xfd, 0x18, 0x77, 0x29, 0xd9,
0x69, 0x2b, 0x67, 0x54, 0x8c, 0xf5, 0xd7, 0x84,
0x36, 0xf3, 0x96, 0xca, 0xb9, 0x42, 0xad, 0xd6,
0xba, 0x8d, 0x2f, 0xfc, 0x21, 0xfe, 0xa7, 0xea,
0x59, 0x94, 0xfe, 0x95, 0x1f, 0x1e, 0xb9, 0xca,
0x5e, 0x4d, 0xf1, 0x2, 0x68, 0x91, 0xf7, 0xa1,
0xea, 0x11, 0x90, 0x95, 0x1c, 0xf7, 0x85, 0xd4,
0x70, 0xf9, 0x49, 0xae, 0x5e, 0xa5, 0x62, 0x3d,
0x35, 0xc5, 0xdf, 0xc1, 0x7f, 0xc7, 0x39, 0x5a,
0x3b, 0x89, 0x8c, 0x80, 0x71, 0xe7, 0xbc, 0xbf,
0x4e, 0x72, 0x6d, 0xd7, 0xe0, 0xa2, 0xb0, 0x7d,
0xca, 0x89, 0x22, 0x6, 0xb2, 0xb4, 0x3c, 0xa2,
0xed, 0x51, 0xf, 0xa2, 0xf7, 0xc9, 0x89, 0xf0,
0x27, 0x2f, 0xf6, 0x41, 0x4e, 0xa, 0x2b, 0x67,
0x49, 0x44, 0x8e, 0x40, 0xc6, 0xb8, 0xad, 0xb8,
0x40, 0xb, 0xba, 0x73, 0x2e, 0x1d, 0x4, 0xc9,
0x28, 0x62, 0x6b, 0x3d, 0xe6, 0x5f, 0x1c, 0xdd,
0xae, 0x27, 0x6d, 0x3c, 0x2d, 0xf6, 0x42, 0x3b,
0x91, 0x1, 0x37, 0x47, 0x76, 0x5, 0xbc, 0x7,
0x8c, 0x6, 0x81, 0x77, 0x70, 0x9d, 0x8a, 0x75,
0x34, 0x1, 0x68, 0x1a, 0x38, 0x13, 0x11, 0x74,
0xf2, 0x70, 0x4f, 0x9b, 0x86, 0x15, 0xc6, 0xbc,
0x6b, 0x1a, 0x56, 0x3f, 0x4f, 0xfa, 0xd4, 0x17,
0x97, 0xbb, 0x4b, 0x91, 0x3b, 0x54, 0xf7, 0x8e,
0x53, 0xf5, 0x2, 0x21, 0x3b, 0x66, 0xf9, 0xe5,
0x79, 0xff, 0xeb, 0x5c, 0x66, 0x1b, 0x34, 0xf4,
0x41, 0xd1, 0x9a, 0xdb, 0x1f, 0x3e, 0xe3, 0x8a,
0x90, 0x98, 0x9e, 0x73, 0xb9, 0xa8, 0x20, 0xfe,
0xe7, 0xe3, 0x9f, 0x83, 0xd3, 0x95, 0x5f, 0xa,
0x40, 0x53, 0x6a, 0xd3, 0x72, 0x32, 0xde, 0xf1,
0xf, 0x98, 0x2b, 0x7d, 0x6e, 0x76, 0xbd, 0x31,
0x84, 0x99, 0x1c, 0xdc, 0xac, 0x78, 0x44, 0xbf,
0x29, 0xdd, 0x2e, 0xe3, 0x39, 0x9d, 0x38, 0x83,
0xa, 0x3e, 0x83, 0xb6, 0x74, 0x44, 0x4d, 0x78,
0x55, 0xb2, 0xe0, 0x74, 0x25, 0x61, 0x67, 0xc0,
0xe8, 0x1e, 0x5e, 0xd8
};
uint8_t attestation_msg_sample1[] =
{
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x97, 0x9e, 0xb9, 0x5a, 0xdd, 0x14, 0x17,
0xf2, 0xfa, 0xad, 0xfa, 0xd7, 0x66, 0x73, 0xfd,
0x71, 0x57, 0xf4, 0xe9, 0x8d, 0xee, 0xaf, 0x42,
0x5e, 0xbb, 0x8a, 0x4c, 0xd4, 0x84, 0xdc, 0x83,
0x6a, 0x8, 0x70, 0xd, 0xf2, 0x42, 0x8b, 0x2b,
0xee, 0x42, 0xb0, 0x85, 0xe5, 0xbf, 0x99, 0xc5,
0x22, 0xf8, 0x37, 0xf7, 0xee, 0xb6, 0x2c, 0xd5,
0x8c, 0x37, 0xa2, 0xd2, 0x51, 0xed, 0x45, 0xf9,
0x65, 0xf2, 0x25, 0x8a, 0xf9, 0x9, 0x2d, 0xdb,
0xdc, 0x4a, 0x73, 0xbd, 0x15, 0x49, 0x2, 0x10,
0xd, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x54, 0x1c, 0xdd, 0x52, 0x93, 0xd8, 0xd4,
0x28, 0x9d, 0x24, 0x7d, 0x4b, 0xe5, 0xcc, 0xe8,
0xc0
};
uint8_t attestation_msg_sample2[] =
{
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x97, 0x9e, 0xb9, 0x5a, 0xdd, 0x14, 0x17,
0xf2, 0xfa, 0xad, 0xfa, 0xd7, 0x66, 0x73, 0xfd,
0x71, 0x57, 0xf4, 0xe9, 0x8d, 0xee, 0xaf, 0x42,
0x5e, 0xbb, 0x8a, 0x4c, 0xd4, 0x84, 0xdc, 0x83,
0x6a, 0x8, 0x70, 0xd, 0xf2, 0x42, 0x8b, 0x2b,
0xee, 0x42, 0xb0, 0x85, 0xe5, 0xbf, 0x99, 0xc5,
0x22, 0xf8, 0x37, 0xf7, 0xee, 0xb6, 0x2c, 0xd5,
0x8c, 0x37, 0xa2, 0xd2, 0x51, 0xed, 0x45, 0xf9,
0x65, 0x82, 0x12, 0xa8, 0x53, 0x84, 0x65, 0x62,
0x33, 0xc0, 0x6, 0x86, 0x9f, 0x82, 0xbb, 0x6d,
0xd6, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
0x0, 0xb1, 0x60, 0x31, 0x45, 0xd1, 0xa9, 0x23,
0x7b, 0x85, 0x3f, 0x8, 0x3f, 0x48, 0x6d, 0x2d,
0xad
};

11
SampleCode/RemoteAttestation/isv_enclave/isv_enclave.config.xml Normal file
View File

@ -0,0 +1,11 @@
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>1</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

265
SampleCode/RemoteAttestation/isv_enclave/isv_enclave.cpp Normal file
View File

@ -0,0 +1,265 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "isv_enclave_t.h"
#include "sgx_tkey_exchange.h"
#include "sgx_tcrypto.h"
#include "string.h"
// This is the public EC key of the SP. The corresponding private EC key is
// used by the SP to sign data used in the remote attestation SIGMA protocol
// to sign channel binding data in MSG2. A successful verification of the
// signature confirms the identity of the SP to the ISV app in remote
// attestation secure channel binding. The public EC key should be hardcoded in
// the enclave or delivered in a trustworthy manner. The use of a spoofed public
// EC key in the remote attestation with secure channel binding session may lead
// to a security compromise. Every different SP the enlcave communicates to
// must have a unique SP public key. Delivery of the SP public key is
// determined by the ISV. The TKE SIGMA protocl expects an Elliptical Curve key
// based on NIST P-256
static const sgx_ec256_public_t g_sp_pub_key = {
{
0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38
},
{
0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06
}
};
// Used to store the secret passed by the SP in the sample code. The
// size is forced to be 8 bytes. Expected value is
// 0x01,0x02,0x03,0x04,0x0x5,0x0x6,0x0x7
uint8_t g_secret[8] = {0};
// This ecall is a wrapper of sgx_ra_init to create the trusted
// KE exchange key context needed for the remote attestation
// SIGMA API's. Input pointers aren't checked since the trusted stubs
// copy them into EPC memory.
//
// @param b_pse Indicates whether the ISV app is using the
// platform services.
// @param p_context Pointer to the location where the returned
// key context is to be copied.
//
// @return Any error return from the create PSE session if b_pse
// is true.
// @return Any error returned from the trusted key exchange API
// for creating a key context.
sgx_status_t enclave_init_ra(
int b_pse,
sgx_ra_context_t *p_context)
{
// isv enclave call to trusted key exchange library.
sgx_status_t ret;
if(b_pse)
{
int busy_retry_times = 2;
do{
ret = sgx_create_pse_session();
}while (ret == SGX_ERROR_BUSY && busy_retry_times--);
if (ret != SGX_SUCCESS)
return ret;
}
ret = sgx_ra_init(&g_sp_pub_key, b_pse, p_context);
if(b_pse)
{
sgx_close_pse_session();
return ret;
}
return ret;
}
// Closes the tKE key context used during the SIGMA key
// exchange.
//
// @param context The trusted KE library key context.
//
// @return Return value from the key context close API
sgx_status_t SGXAPI enclave_ra_close(
sgx_ra_context_t context)
{
sgx_status_t ret;
ret = sgx_ra_close(context);
return ret;
}
// Verify the mac sent in att_result_msg from the SP using the
// MK key. Input pointers aren't checked since the trusted stubs
// copy them into EPC memory.
//
//
// @param context The trusted KE library key context.
// @param p_message Pointer to the message used to produce MAC
// @param message_size Size in bytes of the message.
// @param p_mac Pointer to the MAC to compare to.
// @param mac_size Size in bytes of the MAC
//
// @return SGX_ERROR_INVALID_PARAMETER - MAC size is incorrect.
// @return Any error produced by tKE API to get SK key.
// @return Any error produced by the AESCMAC function.
// @return SGX_ERROR_MAC_MISMATCH - MAC compare fails.
sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
uint8_t* p_message,
size_t message_size,
uint8_t* p_mac,
size_t mac_size)
{
sgx_status_t ret;
sgx_ec_key_128bit_t mk_key;
if(mac_size != sizeof(sgx_mac_t))
{
ret = SGX_ERROR_INVALID_PARAMETER;
return ret;
}
if(message_size > UINT32_MAX)
{
ret = SGX_ERROR_INVALID_PARAMETER;
return ret;
}
do {
uint8_t mac[SGX_CMAC_MAC_SIZE] = {0};
ret = sgx_ra_get_keys(context, SGX_RA_KEY_MK, &mk_key);
if(SGX_SUCCESS != ret)
{
break;
}
ret = sgx_rijndael128_cmac_msg(&mk_key,
p_message,
(uint32_t)message_size,
&mac);
if(SGX_SUCCESS != ret)
{
break;
}
if(0 == consttime_memequal(p_mac, mac, sizeof(mac)))
{
ret = SGX_ERROR_MAC_MISMATCH;
break;
}
}
while(0);
return ret;
}
// Generate a secret information for the SP encrypted with SK.
// Input pointers aren't checked since the trusted stubs copy
// them into EPC memory.
//
// @param context The trusted KE library key context.
// @param p_secret Message containing the secret.
// @param secret_size Size in bytes of the secret message.
// @param p_gcm_mac The pointer the the AESGCM MAC for the
// message.
//
// @return SGX_ERROR_INVALID_PARAMETER - secret size if
// incorrect.
// @return Any error produced by tKE API to get SK key.
// @return Any error produced by the AESGCM function.
// @return SGX_ERROR_UNEXPECTED - the secret doesn't match the
// expected value.
sgx_status_t put_secret_data(
sgx_ra_context_t context,
uint8_t *p_secret,
uint32_t secret_size,
uint8_t *p_gcm_mac)
{
sgx_status_t ret = SGX_SUCCESS;
sgx_ec_key_128bit_t sk_key;
do {
if(secret_size != 8)
{
ret = SGX_ERROR_INVALID_PARAMETER;
break;
}
ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key);
if(SGX_SUCCESS != ret)
{
break;
}
uint8_t aes_gcm_iv[12] = {0};
ret = sgx_rijndael128GCM_decrypt(&sk_key,
p_secret,
secret_size,
&g_secret[0],
&aes_gcm_iv[0],
12,
NULL,
0,
(const sgx_aes_gcm_128bit_tag_t *)
(p_gcm_mac));
uint32_t i;
bool secret_match = true;
for(i=0;i<secret_size;i++)
{
if(g_secret[i] != i)
{
secret_match = false;
}
}
if(!secret_match)
{
ret = SGX_ERROR_UNEXPECTED;
}
// Once the server has the shared secret, it should be sealed to
// persistent storage for future use. This will prevents having to
// perform remote attestation until the secret goes stale. Once the
// enclave is created again, the secret can be unsealed.
} while(0);
return ret;
}

53
SampleCode/RemoteAttestation/isv_enclave/isv_enclave.edl Normal file
View File

@ -0,0 +1,53 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
enclave {
from "sgx_tkey_exchange.edl" import *;
include "sgx_key_exchange.h"
include "sgx_trts.h"
trusted {
public sgx_status_t enclave_init_ra(int b_pse,
[out] sgx_ra_context_t *p_context);
public sgx_status_t enclave_ra_close(sgx_ra_context_t context);
public sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
[in,size=message_size] uint8_t* message,
size_t message_size,
[in,size=mac_size] uint8_t* mac,
size_t mac_size);
public sgx_status_t put_secret_data(sgx_ra_context_t context,
[in,size=secret_size] uint8_t* p_secret,
uint32_t secret_size,
[in,count=16] uint8_t* gcm_mac);
};
};

9
SampleCode/RemoteAttestation/isv_enclave/isv_enclave.lds Normal file
View File

@ -0,0 +1,9 @@
enclave.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
local:
*;
};

39
SampleCode/RemoteAttestation/isv_enclave/isv_enclave_private.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
-----END RSA PRIVATE KEY-----

172
SampleCode/RemoteAttestation/service_provider/ecp.cpp Normal file
View File

@ -0,0 +1,172 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdlib.h>
#include <string.h>
#include "ecp.h"
#include "sample_libcrypto.h"
#define MAC_KEY_SIZE 16
errno_t memcpy_s(
void *dest,
size_t numberOfElements,
const void *src,
size_t count)
{
if(numberOfElements<count)
return -1;
memcpy(dest, src, count);
return 0;
}
bool verify_cmac128(
sample_ec_key_128bit_t mac_key,
const uint8_t *p_data_buf,
uint32_t buf_size,
const uint8_t *p_mac_buf)
{
uint8_t data_mac[SAMPLE_EC_MAC_SIZE];
sample_status_t sample_ret;
sample_ret = sample_rijndael128_cmac_msg((sample_cmac_128bit_key_t*)mac_key,
p_data_buf,
buf_size,
(sample_cmac_128bit_tag_t *)data_mac);
if(sample_ret != SAMPLE_SUCCESS)
return false;
// In real implementation, should use a time safe version of memcmp here,
// in order to avoid side channel attack.
if(!memcmp(p_mac_buf, data_mac, SAMPLE_EC_MAC_SIZE))
return true;
return false;
}
#define EC_DERIVATION_BUFFER_SIZE(label_length) ((label_length) +4)
const char str_SMK[] = "SMK";
const char str_SK[] = "SK";
const char str_MK[] = "MK";
const char str_VK[] = "VK";
// Derive key from shared key and key id.
// key id should be sample_derive_key_type_t.
bool derive_key(
const sample_ec_dh_shared_t *p_shared_key,
uint8_t key_id,
sample_ec_key_128bit_t* derived_key)
{
sample_status_t sample_ret = SAMPLE_SUCCESS;
uint8_t cmac_key[MAC_KEY_SIZE];
sample_ec_key_128bit_t key_derive_key;
memset(&cmac_key, 0, MAC_KEY_SIZE);
sample_ret = sample_rijndael128_cmac_msg(
(sample_cmac_128bit_key_t *)&cmac_key,
(uint8_t*)p_shared_key,
sizeof(sample_ec_dh_shared_t),
(sample_cmac_128bit_tag_t *)&key_derive_key);
if (sample_ret != SAMPLE_SUCCESS)
{
// memset here can be optimized away by compiler, so please use memset_s on
// windows for production code and similar functions on other OSes.
memset(&key_derive_key, 0, sizeof(key_derive_key));
return false;
}
const char *label = NULL;
uint32_t label_length = 0;
switch (key_id)
{
case SAMPLE_DERIVE_KEY_SMK:
label = str_SMK;
label_length = sizeof(str_SMK) -1;
break;
case SAMPLE_DERIVE_KEY_SK:
label = str_SK;
label_length = sizeof(str_SK) -1;
break;
case SAMPLE_DERIVE_KEY_MK:
label = str_MK;
label_length = sizeof(str_MK) -1;
break;
case SAMPLE_DERIVE_KEY_VK:
label = str_VK;
label_length = sizeof(str_VK) -1;
break;
default:
// memset here can be optimized away by compiler, so please use memset_s on
// windows for production code and similar functions on other OSes.
memset(&key_derive_key, 0, sizeof(key_derive_key));
return false;
break;
}
/* derivation_buffer = counter(0x01) || label || 0x00 || output_key_len(0x0080) */
uint32_t derivation_buffer_length = EC_DERIVATION_BUFFER_SIZE(label_length);
uint8_t *p_derivation_buffer = (uint8_t *)malloc(derivation_buffer_length);
if (p_derivation_buffer == NULL)
{
// memset here can be optimized away by compiler, so please use memset_s on
// windows for production code and similar functions on other OSes.
memset(&key_derive_key, 0, sizeof(key_derive_key));
return false;
}
memset(p_derivation_buffer, 0, derivation_buffer_length);
/*counter = 0x01 */
p_derivation_buffer[0] = 0x01;
/*label*/
memcpy(&p_derivation_buffer[1], label, label_length);
/*output_key_len=0x0080*/
uint16_t *key_len = (uint16_t *)(&(p_derivation_buffer[derivation_buffer_length - 2]));
*key_len = 0x0080;
sample_ret = sample_rijndael128_cmac_msg(
(sample_cmac_128bit_key_t *)&key_derive_key,
p_derivation_buffer,
derivation_buffer_length,
(sample_cmac_128bit_tag_t *)derived_key);
free(p_derivation_buffer);
// memset here can be optimized away by compiler, so please use memset_s on
// windows for production code and similar functions on other OSes.
memset(&key_derive_key, 0, sizeof(key_derive_key));
if (sample_ret != SAMPLE_SUCCESS)
{
return false;
}
return true;
}

96
SampleCode/RemoteAttestation/service_provider/ecp.h Normal file
View File

@ -0,0 +1,96 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _ECP_H
#define _ECP_H
#include <stdint.h>
#include <stdlib.h>
#include "remote_attestation_result.h"
#ifndef SAMPLE_FEBITSIZE
#define SAMPLE_FEBITSIZE 256
#endif
#define SAMPLE_ECP_KEY_SIZE (SAMPLE_FEBITSIZE/8)
typedef struct sample_ec_priv_t
{
uint8_t r[SAMPLE_ECP_KEY_SIZE];
} sample_ec_priv_t;
typedef struct sample_ec_dh_shared_t
{
uint8_t s[SAMPLE_ECP_KEY_SIZE];
}sample_ec_dh_shared_t;
typedef uint8_t sample_ec_key_128bit_t[16];
#define SAMPLE_EC_MAC_SIZE 16
#ifdef __cplusplus
extern "C" {
#endif
#ifndef _ERRNO_T_DEFINED
#define _ERRNO_T_DEFINED
typedef int errno_t;
#endif
errno_t memcpy_s(void *dest, size_t numberOfElements, const void *src,
size_t count);
typedef enum _sample_derive_key_type_t
{
SAMPLE_DERIVE_KEY_SMK = 0,
SAMPLE_DERIVE_KEY_SK,
SAMPLE_DERIVE_KEY_MK,
SAMPLE_DERIVE_KEY_VK,
} sample_derive_key_type_t;
bool derive_key(
const sample_ec_dh_shared_t *p_shared_key,
uint8_t key_id,
sample_ec_key_128bit_t *derived_key);
bool verify_cmac128(
sample_ec_key_128bit_t mac_key,
const uint8_t *p_data_buf,
uint32_t buf_size,
const uint8_t *p_mac_buf);
#ifdef __cplusplus
}
#endif
#endif

258
SampleCode/RemoteAttestation/service_provider/ias_ra.cpp Normal file
View File

@ -0,0 +1,258 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "service_provider.h"
#include "sample_libcrypto.h"
#include "ecp.h"
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <time.h>
#include <string.h>
#include "ias_ra.h"
// @TODO: This whole file is used as simulation of the interfaces to be
// delivered the IAS. Once the interface definitions are made available by the
// IAS, this file should be changed accordingly.
#define UNUSED(expr) do { (void)(expr); } while (0)
#if !defined(SWAP_ENDIAN_DW)
#define SWAP_ENDIAN_DW(dw) ((((dw) & 0x000000ff) << 24) \
| (((dw) & 0x0000ff00) << 8) \
| (((dw) & 0x00ff0000) >> 8) \
| (((dw) & 0xff000000) >> 24))
#endif
#if !defined(SWAP_ENDIAN_32B)
#define SWAP_ENDIAN_32B(ptr) \
{\
unsigned int temp = 0; \
temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[0]); \
((unsigned int*)(ptr))[0] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[7]); \
((unsigned int*)(ptr))[7] = temp; \
temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[1]); \
((unsigned int*)(ptr))[1] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[6]); \
((unsigned int*)(ptr))[6] = temp; \
temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[2]); \
((unsigned int*)(ptr))[2] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[5]); \
((unsigned int*)(ptr))[5] = temp; \
temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[3]); \
((unsigned int*)(ptr))[3] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[4]); \
((unsigned int*)(ptr))[4] = temp; \
}
#endif
// This is the ECDSA NIST P-256 private key used to sign platform_info_blob.
// This private
// key and the public key in SDK untrusted KElibrary should be a temporary key
// pair. For production parts the IAS will sign the platform_info_blob with the
// production private key and the SDK untrusted KE library will have the public
// key for verifcation.
// @TODO: This key will will not be available when the production backend
// is avaialbe. The remote attestation sample will need to change to use the
// real backend. This will likely be an RSA2048 type of key.
static const sample_ec256_private_t g_rk_priv_key =
{{
0x63,0x2c,0xd4,0x02,0x7a,0xdc,0x56,0xa5,
0x59,0x6c,0x44,0x3e,0x43,0xca,0x4e,0x0b,
0x58,0xcd,0x78,0xcb,0x3c,0x7e,0xd5,0xb9,
0xf2,0x91,0x5b,0x39,0x0d,0xb3,0xb5,0xfb
}};
static sample_spid_t g_sim_spid = {"Service X"};
// Simulates the IAS function for verifying the quote produce by
// the ISV enclave. It doesn't decrypt or verify the quote in
// the simulation. Just produces the attestaion verification
// report with the platform info blob.
//
// @param p_isv_quote Pointer to the quote generated by the ISV
// enclave.
// @param pse_manifest Pointer to the PSE manifest if used.
// @param p_attestation_verification_report Pointer the outputed
// verification report.
//
// @return int
int ias_verify_attestation_evidence(
sample_quote_t *p_isv_quote,
uint8_t* pse_manifest,
ias_att_report_t* p_attestation_verification_report)
{
int ret = 0;
sample_ecc_state_handle_t ecc_state = NULL;
//unused parameters
UNUSED(pse_manifest);
if((NULL == p_isv_quote) ||
(NULL == p_attestation_verification_report))
{
return -1;
}
//Decrypt the Quote signature and verify.
p_attestation_verification_report->id = 0x12345678;
p_attestation_verification_report->status = IAS_QUOTE_OK;
p_attestation_verification_report->revocation_reason =
IAS_REVOC_REASON_NONE;
p_attestation_verification_report->info_blob.sample_epid_group_status =
0 << IAS_EPID_GROUP_STATUS_REVOKED_BIT_POS
| 0 << IAS_EPID_GROUP_STATUS_REKEY_AVAILABLE_BIT_POS;
p_attestation_verification_report->info_blob.sample_tcb_evaluation_status =
0 << IAS_TCB_EVAL_STATUS_CPUSVN_OUT_OF_DATE_BIT_POS
| 0 << IAS_TCB_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS;
p_attestation_verification_report->info_blob.pse_evaluation_status =
0 << IAS_PSE_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS
| 0 << IAS_PSE_EVAL_STATUS_EPID_GROUP_REVOKED_BIT_POS
| 0 << IAS_PSE_EVAL_STATUS_PSDASVN_OUT_OF_DATE_BIT_POS
| 0 << IAS_PSE_EVAL_STATUS_SIGRL_OUT_OF_DATE_BIT_POS
| 0 << IAS_PSE_EVAL_STATUS_PRIVRL_OUT_OF_DATE_BIT_POS;
memset(p_attestation_verification_report->
info_blob.latest_equivalent_tcb_psvn, 0, PSVN_SIZE);
memset(p_attestation_verification_report->info_blob.latest_pse_isvsvn,
0, ISVSVN_SIZE);
memset(p_attestation_verification_report->info_blob.latest_psda_svn,
0, PSDA_SVN_SIZE);
memset(p_attestation_verification_report->info_blob.performance_rekey_gid,
0, GID_SIZE);
// @TODO: Product signing algorithm still TBD. May be RSA2048 signing.
// Generate the Service providers ECCDH key pair.
do {
ret = sample_ecc256_open_context(&ecc_state);
if (SAMPLE_SUCCESS != ret) {
fprintf(stderr, "\nError, cannot get ECC cotext in [%s].",
__FUNCTION__);
ret = -1;
break;
}
// Sign
ret = sample_ecdsa_sign(
(uint8_t *)&p_attestation_verification_report->
info_blob.sample_epid_group_status,
sizeof(ias_platform_info_blob_t) - sizeof(sample_ec_sign256_t),
(sample_ec256_private_t *)&g_rk_priv_key,
(sample_ec256_signature_t *)&p_attestation_verification_report->
info_blob.signature,
ecc_state);
if (SAMPLE_SUCCESS != ret) {
fprintf(stderr, "\nError, sign ga_gb fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
SWAP_ENDIAN_32B(p_attestation_verification_report->
info_blob.signature.x);
SWAP_ENDIAN_32B(p_attestation_verification_report->
info_blob.signature.y);
}while (0);
if (ecc_state) {
sample_ecc256_close_context(ecc_state);
}
p_attestation_verification_report->pse_status = IAS_PSE_OK;
// For now, don't simulate the policy reports.
p_attestation_verification_report->policy_report_size = 0;
return(ret);
}
// Simulates retrieving the SIGRL for upon the SP request. Becaue the IAS
// backend is not ready right now, we will return NULL.
//
// @param gid Group ID for the EPID key.
// @param p_sig_rl_size Pointer to the output value of the full
// SIGRL size in bytes. (including the
// signature).
// @param p_sig_rl Pointer to the output of the SIGRL.
//
// @return int
int ias_get_sigrl(
const sample_epid_group_id_t gid,
uint32_t *p_sig_rl_size,
uint8_t **p_sig_rl)
{
int ret = 0;
UNUSED(gid);
do {
if (NULL == p_sig_rl || NULL == p_sig_rl_size) {
ret = -1;
break;
}
*p_sig_rl_size = 0;
*p_sig_rl = NULL;
// we should try to get sig_rl from IAS, but right now we will just
// skip it until the IAS backend is ready.
break;
}while (0);
return(ret);
}
// Used to simulate the enrollment function of the IAS. It only
// gives back the SPID right now. In production, the enrollment
// occurs out of context from an attestation attempt and only
// occurs once.
//
//
// @param sp_credentials
// @param p_spid
// @param p_authentication_token
//
// @return int
int ias_enroll(
int sp_credentials,
sample_spid_t *p_spid,
int *p_authentication_token)
{
UNUSED(sp_credentials);
UNUSED(p_authentication_token);
if (NULL != p_spid) {
memcpy_s(p_spid, sizeof(sample_spid_t), &g_sim_spid,
sizeof(sample_spid_t));
} else {
return(1);
}
return(0);
}

210
SampleCode/RemoteAttestation/service_provider/ias_ra.h Normal file
View File

@ -0,0 +1,210 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _IAS_RA_H
#define _IAS_RA_H
#include "ecp.h"
// These status should align with the definition in IAS API spec(rev 0.6)
typedef enum {
IAS_QUOTE_OK,
IAS_QUOTE_SIGNATURE_INVALID,
IAS_QUOTE_GROUP_REVOKED,
IAS_QUOTE_SIGNATURE_REVOKED,
IAS_QUOTE_KEY_REVOKED,
IAS_QUOTE_SIGRL_VERSION_MISMATCH,
IAS_QUOTE_GROUP_OUT_OF_DATE,
} ias_quote_status_t;
// These status should align with the definition in IAS API spec(rev 0.6)
typedef enum {
IAS_PSE_OK,
IAS_PSE_DESC_TYPE_NOT_SUPPORTED,
IAS_PSE_ISVSVN_OUT_OF_DATE,
IAS_PSE_MISCSELECT_INVALID,
IAS_PSE_ATTRIBUTES_INVALID,
IAS_PSE_MRSIGNER_INVALID,
IAS_PS_HW_GID_REVOKED,
IAS_PS_HW_PRIVKEY_RLVER_MISMATCH,
IAS_PS_HW_SIG_RLVER_MISMATCH,
IAS_PS_HW_CA_ID_INVALID,
IAS_PS_HW_SEC_INFO_INVALID,
IAS_PS_HW_PSDA_SVN_OUT_OF_DATE,
} ias_pse_status_t;
// Revocation Reasons from RFC5280
typedef enum {
IAS_REVOC_REASON_NONE,
IAS_REVOC_REASON_KEY_COMPROMISE,
IAS_REVOC_REASON_CA_COMPROMISED,
IAS_REVOC_REASON_SUPERCEDED,
IAS_REVOC_REASON_CESSATION_OF_OPERATION,
IAS_REVOC_REASON_CERTIFICATE_HOLD,
IAS_REVOC_REASON_PRIVILEGE_WITHDRAWN,
IAS_REVOC_REASON_AA_COMPROMISE,
} ias_revoc_reason_t;
// These status should align with the definition in IAS API spec(rev 0.6)
#define IAS_EPID_GROUP_STATUS_REVOKED_BIT_POS 0x00
#define IAS_EPID_GROUP_STATUS_REKEY_AVAILABLE_BIT_POS 0x01
#define IAS_TCB_EVAL_STATUS_CPUSVN_OUT_OF_DATE_BIT_POS 0x00
#define IAS_TCB_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS 0x01
#define IAS_PSE_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS 0x00
#define IAS_PSE_EVAL_STATUS_EPID_GROUP_REVOKED_BIT_POS 0x01
#define IAS_PSE_EVAL_STATUS_PSDASVN_OUT_OF_DATE_BIT_POS 0x02
#define IAS_PSE_EVAL_STATUS_SIGRL_OUT_OF_DATE_BIT_POS 0x03
#define IAS_PSE_EVAL_STATUS_PRIVRL_OUT_OF_DATE_BIT_POS 0x04
// These status should align with the definition in IAS API spec(rev 0.6)
#define ISVSVN_SIZE 2
#define PSDA_SVN_SIZE 4
#define GID_SIZE 4
#define PSVN_SIZE 18
#define SAMPLE_HASH_SIZE 32 // SHA256
#define SAMPLE_MAC_SIZE 16 // Message Authentication Code
// - 16 bytes
#define SAMPLE_REPORT_DATA_SIZE 64
typedef uint8_t sample_measurement_t[SAMPLE_HASH_SIZE];
typedef uint8_t sample_mac_t[SAMPLE_MAC_SIZE];
typedef uint8_t sample_report_data_t[SAMPLE_REPORT_DATA_SIZE];
typedef uint16_t sample_prod_id_t;
#define SAMPLE_CPUSVN_SIZE 16
typedef uint8_t sample_cpu_svn_t[SAMPLE_CPUSVN_SIZE];
typedef uint16_t sample_isv_svn_t;
typedef struct sample_attributes_t
{
uint64_t flags;
uint64_t xfrm;
} sample_attributes_t;
typedef struct sample_report_body_t {
sample_cpu_svn_t cpu_svn; // ( 0) Security Version of the CPU
uint8_t reserved1[32]; // ( 16)
sample_attributes_t attributes; // ( 48) Any special Capabilities
// the Enclave possess
sample_measurement_t mr_enclave; // ( 64) The value of the enclave's
// ENCLAVE measurement
uint8_t reserved2[32]; // ( 96)
sample_measurement_t mr_signer; // (128) The value of the enclave's
// SIGNER measurement
uint8_t reserved3[32]; // (160)
sample_measurement_t mr_reserved1; // (192)
sample_measurement_t mr_reserved2; // (224)
sample_prod_id_t isv_prod_id; // (256) Product ID of the Enclave
sample_isv_svn_t isv_svn; // (258) Security Version of the
// Enclave
uint8_t reserved4[60]; // (260)
sample_report_data_t report_data; // (320) Data provided by the user
} sample_report_body_t;
#pragma pack(push, 1)
// This is a context data structure used in SP side
// @TODO: Modify at production to use the values specified by the Production
// IAS API
typedef struct _ias_att_report_t
{
uint32_t id;
ias_quote_status_t status;
uint32_t revocation_reason;
ias_platform_info_blob_t info_blob;
ias_pse_status_t pse_status;
uint32_t policy_report_size;
uint8_t policy_report[];// IAS_Q: Why does it specify a
// list of reports?
} ias_att_report_t;
typedef uint8_t sample_epid_group_id_t[4];
typedef struct sample_spid_t
{
uint8_t id[16];
} sample_spid_t;
typedef struct sample_basename_t
{
uint8_t name[32];
} sample_basename_t;
typedef struct sample_quote_nonce_t
{
uint8_t rand[16];
} sample_quote_nonce_t;
#define SAMPLE_QUOTE_UNLINKABLE_SIGNATURE 0
#define SAMPLE_QUOTE_LINKABLE_SIGNATURE 1
typedef struct sample_quote_t {
uint16_t version; // 0
uint16_t sign_type; // 2
sample_epid_group_id_t epid_group_id; // 4
sample_isv_svn_t qe_svn; // 8
uint8_t reserved[6]; // 10
sample_basename_t basename; // 16
sample_report_body_t report_body; // 48
uint32_t signature_len; // 432
uint8_t signature[]; // 436
} sample_quote_t;
#pragma pack(pop)
#ifdef __cplusplus
extern "C" {
#endif
int ias_enroll(int sp_credentials, sample_spid_t* spid,
int* authentication_token);
int ias_get_sigrl(const sample_epid_group_id_t gid, uint32_t* p_sig_rl_size,
uint8_t** p_sig_rl);
int ias_verify_attestation_evidence(sample_quote_t* p_isv_quote,
uint8_t* pse_manifest,
ias_att_report_t* attestation_verification_report);
#ifdef __cplusplus
}
#endif
#endif

123
SampleCode/RemoteAttestation/service_provider/network_ra.cpp Normal file
View File

@ -0,0 +1,123 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include "network_ra.h"
#include "service_provider.h"
// Used to send requests to the service provider sample. It
// simulates network communication between the ISV app and the
// ISV service provider. This would be modified in a real
// product to use the proper IP communication.
//
// @param server_url String name of the server URL
// @param p_req Pointer to the message to be sent.
// @param p_resp Pointer to a pointer of the response message.
// @return int
int ra_network_send_receive(const char *server_url,
const ra_samp_request_header_t *p_req,
ra_samp_response_header_t **p_resp)
{
int ret = 0;
ra_samp_response_header_t* p_resp_msg;
if((NULL == server_url) ||
(NULL == p_req) ||
(NULL == p_resp))
{
return -1;
}
switch(p_req->type)
{
case TYPE_RA_MSG1:
ret = sp_ra_proc_msg1_req((const sample_ra_msg1_t*)((uint8_t*)p_req
+ sizeof(ra_samp_request_header_t)),
p_req->size,
&p_resp_msg);
if(0 != ret)
{
fprintf(stderr, "\nError, call sp_ra_proc_msg1_req fail [%s].",
__FUNCTION__);
}
else
{
*p_resp = p_resp_msg;
}
break;
case TYPE_RA_MSG3:
ret =sp_ra_proc_msg3_req((const sample_ra_msg3_t*)((uint8_t*)p_req +
sizeof(ra_samp_request_header_t)),
p_req->size,
&p_resp_msg);
if(0 != ret)
{
fprintf(stderr, "\nError, call sp_ra_proc_msg3_req fail [%s].",
__FUNCTION__);
}
else
{
*p_resp = p_resp_msg;
}
break;
default:
ret = -1;
fprintf(stderr, "\nError, unknown ra message type. Type = %d [%s].",
p_req->type, __FUNCTION__);
break;
}
return ret;
}
// Used to free the response messages. In the sample code, the
// response messages are allocated by the SP code.
//
//
// @param resp Pointer to the response buffer to be freed.
void ra_free_network_response_buffer(ra_samp_response_header_t *resp)
{
if(resp!=NULL)
{
free(resp);
}
}

92
SampleCode/RemoteAttestation/service_provider/network_ra.h Normal file
View File

@ -0,0 +1,92 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _NETWORK_RA_H
#define _NETWORK_RA_H
// Enum for all possible message types between the ISV app and
// the ISV SP. Requests and responses in hte remote attestation
// sample.
typedef enum _ra_msg_type_t
{
TYPE_RA_MSG1 = 1,
TYPE_RA_MSG2,
TYPE_RA_MSG3,
TYPE_RA_ATT_RESULT,
}ra_msg_type_t;
// Enum for all possible message types between the SP and IAS.
// Network communication is not simulated in the remote
// attestation sample. Currently these aren't used.
typedef enum _ias_msg_type_t
{
TYPE_IAS_ENROLL,
TYPE_IAS_GET_SIGRL,
TYPE_IAS_SIGRL,
TYPE_IAS_ATT_EVIDENCE,
TYPE_IAS_ATT_RESULT,
}ias_msg_type_t;
#pragma pack(1)
typedef struct _ra_samp_request_header_t{
uint8_t type; // set to one of ra_msg_type_t
uint32_t size; //size of request body,
uint8_t align[3];
uint8_t body[];
}ra_samp_request_header_t;
typedef struct _ra_samp_response_header_t{
uint8_t type; // set to one of ra_msg_type_t
uint8_t status[2];
uint32_t size; //size of the response body
uint8_t align[1];
uint8_t body[];
}ra_samp_response_header_t;
#pragma pack()
#ifdef __cplusplus
extern "C" {
#endif
int ra_network_send_receive(const char *server_url,
const ra_samp_request_header_t *req,
ra_samp_response_header_t **p_resp);
void ra_free_network_response_buffer(ra_samp_response_header_t *resp);
#ifdef __cplusplus
}
#endif
#endif

105
SampleCode/RemoteAttestation/service_provider/remote_attestation_result.h Normal file
View File

@ -0,0 +1,105 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _REMOTE_ATTESTATION_RESULT_H_
#define _REMOTE_ATTESTATION_RESULT_H_
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
#define SAMPLE_MAC_SIZE 16 // Message Authentication Code
// - 16 bytes
typedef uint8_t sample_mac_t[SAMPLE_MAC_SIZE];
#ifndef SAMPLE_FEBITSIZE
#define SAMPLE_FEBITSIZE 256
#endif
#define SAMPLE_NISTP256_KEY_SIZE (SAMPLE_FEBITSIZE/ 8 /sizeof(uint32_t))
typedef struct sample_ec_sign256_t
{
uint32_t x[SAMPLE_NISTP256_KEY_SIZE];
uint32_t y[SAMPLE_NISTP256_KEY_SIZE];
} sample_ec_sign256_t;
#pragma pack(push,1)
#define SAMPLE_SP_TAG_SIZE 16
typedef struct sp_aes_gcm_data_t {
uint32_t payload_size; // 0: Size of the payload which is
// encrypted
uint8_t reserved[12]; // 4: Reserved bits
uint8_t payload_tag[SAMPLE_SP_TAG_SIZE];
// 16: AES-GMAC of the plain text,
// payload, and the sizes
uint8_t payload[]; // 32: Ciphertext of the payload
// followed by the plain text
} sp_aes_gcm_data_t;
#define ISVSVN_SIZE 2
#define PSDA_SVN_SIZE 4
#define GID_SIZE 4
#define PSVN_SIZE 18
// @TODO: Modify at production to use the values specified by the Production
// IAS API
typedef struct ias_platform_info_blob_t
{
uint8_t sample_epid_group_status;
uint16_t sample_tcb_evaluation_status;
uint16_t pse_evaluation_status;
uint8_t latest_equivalent_tcb_psvn[PSVN_SIZE];
uint8_t latest_pse_isvsvn[ISVSVN_SIZE];
uint8_t latest_psda_svn[PSDA_SVN_SIZE];
uint8_t performance_rekey_gid[GID_SIZE];
sample_ec_sign256_t signature;
} ias_platform_info_blob_t;
typedef struct sample_ra_att_result_msg_t {
ias_platform_info_blob_t platform_info_blob;
sample_mac_t mac; // mac_smk(attestation_status)
sp_aes_gcm_data_t secret;
} sample_ra_att_result_msg_t;
#pragma pack(pop)
#ifdef __cplusplus
}
#endif
#endif

660
SampleCode/RemoteAttestation/service_provider/service_provider.cpp Normal file
View File

@ -0,0 +1,660 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "service_provider.h"
#include "sample_libcrypto.h"
#include "ecp.h"
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <time.h>
#include <string.h>
#include "ias_ra.h"
#ifndef SAFE_FREE
#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr) = NULL;}}
#endif
// This is the private EC key of SP, the corresponding public EC key is
// hard coded in isv_enclave. It is based on NIST P-256 curve.
static const sample_ec256_private_t g_sp_priv_key = {
{
0x90, 0xe7, 0x6c, 0xbb, 0x2d, 0x52, 0xa1, 0xce,
0x3b, 0x66, 0xde, 0x11, 0x43, 0x9c, 0x87, 0xec,
0x1f, 0x86, 0x6a, 0x3b, 0x65, 0xb6, 0xae, 0xea,
0xad, 0x57, 0x34, 0x53, 0xd1, 0x03, 0x8c, 0x01
}
};
// This is the public EC key of SP, this key is hard coded in isv_enclave.
// It is based on NIST P-256 curve. Not used in the SP code.
static const sample_ec_pub_t g_sp_pub_key = {
{
0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38
},
{
0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06
}
};
// This is a context data structure used on SP side
typedef struct _sp_db_item_t
{
sample_ec_pub_t g_a;
sample_ec_pub_t g_b;
sample_ec_key_128bit_t vk_key;// Shared secret key for the REPORT_DATA
sample_ec_key_128bit_t mk_key;// Shared secret key for generating MAC's
sample_ec_key_128bit_t sk_key;// Shared secret key for encryption
sample_ec_key_128bit_t smk_key;// Used only for SIGMA protocol
sample_ec_priv_t b;
sample_ps_sec_prop_desc_t ps_sec_prop;
}sp_db_item_t;
static sp_db_item_t g_sp_db;
static bool g_is_sp_registered = false;
static int g_sp_credentials = 0;
static int g_authentication_token = 0;
uint8_t g_secret[8] = {0,1,2,3,4,5,6,7};
sample_spid_t g_spid;
// Verify message 1 then generate and return message 2 to isv.
int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1,
uint32_t msg1_size,
ra_samp_response_header_t **pp_msg2)
{
int ret = 0;
ra_samp_response_header_t* p_msg2_full = NULL;
sample_ra_msg2_t *p_msg2 = NULL;
sample_ecc_state_handle_t ecc_state = NULL;
sample_status_t sample_ret = SAMPLE_SUCCESS;
bool derive_ret = false;
if(!p_msg1 ||
!pp_msg2 ||
(msg1_size != sizeof(sample_ra_msg1_t)))
{
return -1;
}
do
{
// Check to see if we have registered with the IAS yet?
if(!g_is_sp_registered)
{
do
{
// @IAS_Q: What are the sp credentials?
// @IAS_Q: What is in the authentication token
// In the product, the SP will establish a mutually
// authenticated SSL channel. The authentication token is
// based on this channel.
// @TODO: Convert this call to a 'network' send/receive
// once the IAS server is a vaialable.
ret = ias_enroll(g_sp_credentials, &g_spid,
&g_authentication_token);
if(0 != ret)
{
ret = SP_IAS_FAILED;
break;
}
// IAS may support registering the Enclave Trust Policy.
// Just leave a place holder here
// @IAS_Q: What needs to be sent to the IAS with the policy
// that identifies the SP?
// ret = ias_register_enclave_policy(g_enclave_policy,
// g_authentication_token);
// if(0 != ret)
// {
// break;
// }
g_is_sp_registered = true;
break;
} while(0);
}
// Get the sig_rl from IAS using GID.
// GID is Base-16 encoded of EPID GID in little-endian format.
// @IAS_Q: Does the SP need to supply any authentication info to the
// IAS? SPID?
// In the product, the SP and IAS will use an established channel for
// communication.
uint8_t* sig_rl;
uint32_t sig_rl_size = 0;
// @TODO: Convert this call to a 'network' send/receive
// once the IAS server is a vaialable.
ret = ias_get_sigrl(p_msg1->gid, &sig_rl_size, &sig_rl);
if(0 != ret)
{
fprintf(stderr, "\nError, ias_get_sigrl [%s].", __FUNCTION__);
ret = SP_IAS_FAILED;
break;
}
// Need to save the client's public ECCDH key to local storage
if (memcpy_s(&g_sp_db.g_a, sizeof(g_sp_db.g_a), &p_msg1->g_a,
sizeof(p_msg1->g_a)))
{
fprintf(stderr, "\nError, cannot do memcpy in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// Generate the Service providers ECCDH key pair.
sample_ret = sample_ecc256_open_context(&ecc_state);
if(SAMPLE_SUCCESS != sample_ret)
{
fprintf(stderr, "\nError, cannot get ECC cotext in [%s].",
__FUNCTION__);
ret = -1;
break;
}
sample_ec256_public_t pub_key = {{0},{0}};
sample_ec256_private_t priv_key = {{0}};
sample_ret = sample_ecc256_create_key_pair(&priv_key, &pub_key,
ecc_state);
if(SAMPLE_SUCCESS != sample_ret)
{
fprintf(stderr, "\nError, cannot generate key pair in [%s].",
__FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// Need to save the SP ECCDH key pair to local storage.
if(memcpy_s(&g_sp_db.b, sizeof(g_sp_db.b), &priv_key,sizeof(priv_key))
|| memcpy_s(&g_sp_db.g_b, sizeof(g_sp_db.g_b),
&pub_key,sizeof(pub_key)))
{
fprintf(stderr, "\nError, cannot do memcpy in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// Generate the client/SP shared secret
sample_ec_dh_shared_t dh_key = {{0}};
sample_ret = sample_ecc256_compute_shared_dhkey(&priv_key,
(sample_ec256_public_t *)&p_msg1->g_a,
(sample_ec256_dh_shared_t *)&dh_key,
ecc_state);
if(SAMPLE_SUCCESS != sample_ret)
{
fprintf(stderr, "\nError, compute share key fail in [%s].",
__FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// smk is only needed for msg2 generation.
derive_ret = derive_key(&dh_key, SAMPLE_DERIVE_KEY_SMK,
&g_sp_db.smk_key);
if(derive_ret != true)
{
fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// The rest of the keys are the shared secrets for future communication.
derive_ret = derive_key(&dh_key, SAMPLE_DERIVE_KEY_MK,
&g_sp_db.mk_key);
if(derive_ret != true)
{
fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
derive_ret = derive_key(&dh_key, SAMPLE_DERIVE_KEY_SK,
&g_sp_db.sk_key);
if(derive_ret != true)
{
fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
derive_ret = derive_key(&dh_key, SAMPLE_DERIVE_KEY_VK,
&g_sp_db.vk_key);
if(derive_ret != true)
{
fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
uint32_t msg2_size = sizeof(sample_ra_msg2_t) + sig_rl_size;
p_msg2_full = (ra_samp_response_header_t*)malloc(msg2_size
+ sizeof(ra_samp_response_header_t));
if(!p_msg2_full)
{
fprintf(stderr, "\nError, out of memory in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
memset(p_msg2_full, 0, msg2_size + sizeof(ra_samp_response_header_t));
p_msg2_full->type = TYPE_RA_MSG2;
p_msg2_full->size = msg2_size;
// @TODO: Set the status properly based on real protocol communication.
p_msg2_full->status[0] = 0;
p_msg2_full->status[1] = 0;
p_msg2 = (sample_ra_msg2_t *)p_msg2_full->body;
// Assemble MSG2
if(memcpy_s(&p_msg2->g_b, sizeof(p_msg2->g_b), &g_sp_db.g_b,
sizeof(g_sp_db.g_b)) ||
memcpy_s(&p_msg2->spid, sizeof(sample_spid_t),
&g_spid, sizeof(g_spid)))
{
fprintf(stderr,"\nError, memcpy failed in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// The service provider is responsible for selecting the proper EPID
// signature type and to understand the implications of the choice!
p_msg2->quote_type = SAMPLE_QUOTE_LINKABLE_SIGNATURE;
p_msg2->kdf_id = SAMPLE_AES_CMAC_KDF_ID;
// Create gb_ga
sample_ec_pub_t gb_ga[2];
if(memcpy_s(&gb_ga[0], sizeof(gb_ga[0]), &g_sp_db.g_b,
sizeof(g_sp_db.g_b))
|| memcpy_s(&gb_ga[1], sizeof(gb_ga[1]), &g_sp_db.g_a,
sizeof(g_sp_db.g_a)))
{
fprintf(stderr,"\nError, memcpy failed in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// Sign gb_ga
sample_ret = sample_ecdsa_sign((uint8_t *)&gb_ga, sizeof(gb_ga),
(sample_ec256_private_t *)&g_sp_priv_key,
(sample_ec256_signature_t *)&p_msg2->sign_gb_ga,
ecc_state);
if(SAMPLE_SUCCESS != sample_ret)
{
fprintf(stderr, "\nError, sign ga_gb fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// Generate the CMACsmk for gb||SPID||TYPE||KDF_ID||Sigsp(gb,ga)
uint8_t mac[SAMPLE_EC_MAC_SIZE] = {0};
uint32_t cmac_size = offsetof(sample_ra_msg2_t, mac);
sample_ret = sample_rijndael128_cmac_msg(&g_sp_db.smk_key,
(uint8_t *)&p_msg2->g_b, cmac_size, &mac);
if(SAMPLE_SUCCESS != sample_ret)
{
fprintf(stderr, "\nError, cmac fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
if(memcpy_s(&p_msg2->mac, sizeof(p_msg2->mac), mac, sizeof(mac)))
{
fprintf(stderr,"\nError, memcpy failed in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
if(memcpy_s(&p_msg2->sig_rl[0], sig_rl_size, sig_rl, sig_rl_size))
{
fprintf(stderr,"\nError, memcpy failed in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
p_msg2->sig_rl_size = sig_rl_size;
}while(0);
if(ret)
{
*pp_msg2 = NULL;
SAFE_FREE(p_msg2_full);
}
else
{
// Freed by the network simulator in ra_free_network_response_buffer
*pp_msg2 = p_msg2_full;
}
if(ecc_state)
{
sample_ecc256_close_context(ecc_state);
}
return ret;
}
// Process remote attestation message 3
int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3,
uint32_t msg3_size,
ra_samp_response_header_t **pp_att_result_msg)
{
int ret = 0;
sample_status_t sample_ret = SAMPLE_SUCCESS;
const uint8_t *p_msg3_cmaced = NULL;
sample_quote_t *p_quote = NULL;
sample_sha_state_handle_t sha_handle = NULL;
sample_report_data_t report_data = {0};
sample_ra_att_result_msg_t *p_att_result_msg = NULL;
ra_samp_response_header_t* p_att_result_msg_full = NULL;
uint32_t i;
if((!p_msg3) ||
(msg3_size < sizeof(sample_ra_msg3_t)) ||
(!pp_att_result_msg))
{
return SP_INTERNAL_ERROR;
}
do
{
// Compare g_a in message 3 with local g_a.
ret = memcmp(&g_sp_db.g_a, &p_msg3->g_a, sizeof(sample_ec_pub_t));
if(ret)
{
fprintf(stderr, "\nError, g_a is not same [%s].", __FUNCTION__);
ret = SP_PROTOCOL_ERROR;
break;
}
//Make sure that msg3_size is bigger than sample_mac_t.
uint32_t mac_size = msg3_size - sizeof(sample_mac_t);
p_msg3_cmaced = reinterpret_cast<const uint8_t*>(p_msg3);
p_msg3_cmaced += sizeof(sample_mac_t);
// Verify the message mac using SMK
sample_cmac_128bit_tag_t mac = {0};
sample_ret = sample_rijndael128_cmac_msg(&g_sp_db.smk_key,
p_msg3_cmaced,
mac_size,
&mac);
if(SAMPLE_SUCCESS != sample_ret)
{
fprintf(stderr, "\nError, cmac fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// In real implementation, should use a time safe version of memcmp here,
// in order to avoid side channel attack.
ret = memcmp(&p_msg3->mac, mac, sizeof(mac));
if(ret)
{
fprintf(stderr, "\nError, verify cmac fail [%s].", __FUNCTION__);
ret = SP_INTEGRITY_FAILED;
break;
}
if(memcpy_s(&g_sp_db.ps_sec_prop, sizeof(g_sp_db.ps_sec_prop),
&p_msg3->ps_sec_prop, sizeof(p_msg3->ps_sec_prop)))
{
fprintf(stderr,"\nError, memcpy failed in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
p_quote = (sample_quote_t *)p_msg3->quote;
// Verify the the report_data in the Quote matches the expected value.
// The first 32 bytes of report_data are SHA256 HASH of {ga|gb|vk}.
// The second 32 bytes of report_data are set to zero.
sample_ret = sample_sha256_init(&sha_handle);
if(sample_ret != SAMPLE_SUCCESS)
{
fprintf(stderr,"\nError, init hash failed in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
sample_ret = sample_sha256_update((uint8_t *)&(g_sp_db.g_a),
sizeof(g_sp_db.g_a), sha_handle);
if(sample_ret != SAMPLE_SUCCESS)
{
fprintf(stderr,"\nError, udpate hash failed in [%s].",
__FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
sample_ret = sample_sha256_update((uint8_t *)&(g_sp_db.g_b),
sizeof(g_sp_db.g_b), sha_handle);
if(sample_ret != SAMPLE_SUCCESS)
{
fprintf(stderr,"\nError, udpate hash failed in [%s].",
__FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
sample_ret = sample_sha256_update((uint8_t *)&(g_sp_db.vk_key),
sizeof(g_sp_db.vk_key), sha_handle);
if(sample_ret != SAMPLE_SUCCESS)
{
fprintf(stderr,"\nError, udpate hash failed in [%s].",
__FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
sample_ret = sample_sha256_get_hash(sha_handle,
(sample_sha256_hash_t *)&report_data);
if(sample_ret != SAMPLE_SUCCESS)
{
fprintf(stderr,"\nError, Get hash failed in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
ret = memcmp((uint8_t *)&report_data,
(uint8_t *)&(p_quote->report_body.report_data),
sizeof(report_data));
if(ret)
{
fprintf(stderr, "\nError, verify hash fail [%s].", __FUNCTION__);
ret = SP_INTEGRITY_FAILED;
break;
}
// Verify Enclave policy (IAS may provide an API for this if we
// registered an Enclave policy)
// Verify quote with IAS.
// @IAS_Q: What is the proper JSON format for attestation evidence?
ias_att_report_t attestation_report;
// @TODO: Convert this call to a 'network' send/receive
// once the IAS server is a vaialable.
ret = ias_verify_attestation_evidence(p_quote, NULL,
&attestation_report);
if(0 != ret)
{
ret = SP_IAS_FAILED;
break;
}
FILE* OUTPUT = stdout;
fprintf(OUTPUT, "\n\n\tAtestation Report:");
fprintf(OUTPUT, "\n\tid: 0x%0x.", attestation_report.id);
fprintf(OUTPUT, "\n\tstatus: %d.", attestation_report.status);
fprintf(OUTPUT, "\n\trevocation_reason: %u.",
attestation_report.revocation_reason);
// attestation_report.info_blob;
fprintf(OUTPUT, "\n\tpse_status: %d.", attestation_report.pse_status);
// Check if Platform_Info_Blob is available.
// @TODO: Currenlty, the IAS spec says this will not be available if
// no info blob status flags are set. For now, assume it is always
// there until we have the full message format definition.
// Respond the client with the results of the attestation.
uint32_t att_result_msg_size = sizeof(sample_ra_att_result_msg_t)
+ attestation_report.policy_report_size;
p_att_result_msg_full =
(ra_samp_response_header_t*)malloc(att_result_msg_size
+ sizeof(ra_samp_response_header_t) + sizeof(g_secret));
if(!p_att_result_msg_full)
{
fprintf(stderr, "\nError, out of memory in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
memset(p_att_result_msg_full, 0, att_result_msg_size
+ sizeof(ra_samp_response_header_t) + sizeof(g_secret));
p_att_result_msg_full->type = TYPE_RA_ATT_RESULT;
p_att_result_msg_full->size = att_result_msg_size;
if(IAS_QUOTE_OK != attestation_report.status)
{
p_att_result_msg_full->status[0] = 0xFF;
}
if(IAS_PSE_OK != attestation_report.pse_status)
{
p_att_result_msg_full->status[1] = 0xFF;
}
p_att_result_msg =
(sample_ra_att_result_msg_t *)p_att_result_msg_full->body;
// @TODO: In the product, the HTTP response header itself will have
// an RK based signature that the service provider needs to check here.
// The platform_info_blob signature will be verified by the client
// if needed. No need to have the Service Provider to check it.
// @TODO: Verify the enlcave policy report if they are to be supported
// by IAS. Otherwise, the SP will need to check the ISV enclave report
// itself.
fprintf(OUTPUT, "\n\n\tEnclave Report:");
fprintf(OUTPUT, "\n\tSignature Type: 0x%x", p_quote->sign_type);
fprintf(OUTPUT, "\n\tSignature Basename: ");
for(i=0; i<sizeof(p_quote->basename.name) && p_quote->basename.name[i];
i++)
{
fprintf(OUTPUT, "%c", p_quote->basename.name[i]);
}
#ifdef __x86_64__
fprintf(OUTPUT, "\n\tattributes.flags: 0x%0lx",
p_quote->report_body.attributes.flags);
fprintf(OUTPUT, "\n\tattributes.xfrm: 0x%0lx",
p_quote->report_body.attributes.xfrm);
#else
fprintf(OUTPUT, "\n\tattributes.flags: 0x%0llx",
p_quote->report_body.attributes.flags);
fprintf(OUTPUT, "\n\tattributes.xfrm: 0x%0llx",
p_quote->report_body.attributes.xfrm);
#endif
fprintf(OUTPUT, "\n\tmr_enclave: ");
for(i=0;i<sizeof(sample_measurement_t);i++)
{
fprintf(OUTPUT, "%02x",p_quote->report_body.mr_enclave[i]);
//fprintf(stderr, "%02x",p_quote->report_body.mr_enclave.m[i]);
}
fprintf(OUTPUT, "\n\tmr_signer: ");
for(i=0;i<sizeof(sample_measurement_t);i++)
{
fprintf(OUTPUT, "%02x",p_quote->report_body.mr_signer[i]);
//fprintf(stderr, "%02x",p_quote->report_body.mr_signer.m[i]);
}
fprintf(OUTPUT, "\n\tisv_prod_id: 0x%0x",
p_quote->report_body.isv_prod_id);
fprintf(OUTPUT, "\n\tisv_svn: 0x%0x",p_quote->report_body.isv_svn);
fprintf(OUTPUT, "\n");
// @TODO do a real check here.
bool isv_policy_passed = true;
// Assemble Attestation Result Message
// Note, this is a structure copy. We don't copy the policy reports
// right now.
p_att_result_msg->platform_info_blob = attestation_report.info_blob;
// Generate mac based on the mk key.
mac_size = sizeof(ias_platform_info_blob_t);
sample_ret = sample_rijndael128_cmac_msg(&g_sp_db.mk_key,
(const uint8_t*)&p_att_result_msg->platform_info_blob,
mac_size,
&p_att_result_msg->mac);
if(SAMPLE_SUCCESS != sample_ret)
{
fprintf(stderr, "\nError, cmac fail in [%s].", __FUNCTION__);
ret = SP_INTERNAL_ERROR;
break;
}
// Generate shared secret and encrypt it with SK, if attestation passed.
uint8_t aes_gcm_iv[SAMPLE_SP_IV_SIZE] = {0};
p_att_result_msg->secret.payload_size = 8;
if((IAS_QUOTE_OK == attestation_report.status) &&
(IAS_PSE_OK == attestation_report.pse_status) &&
(isv_policy_passed == true))
{
ret = sample_rijndael128GCM_encrypt(&g_sp_db.sk_key,
&g_secret[0],
p_att_result_msg->secret.payload_size,
p_att_result_msg->secret.payload,
&aes_gcm_iv[0],
SAMPLE_SP_IV_SIZE,
NULL,
0,
&p_att_result_msg->secret.payload_tag);
}
}while(0);
if(ret)
{
*pp_att_result_msg = NULL;
SAFE_FREE(p_att_result_msg_full);
}
else
{
// Freed by the network simulator in ra_free_network_response_buffer
*pp_att_result_msg = p_att_result_msg_full;
}
return ret;
}

130
SampleCode/RemoteAttestation/service_provider/service_provider.h Normal file
View File

@ -0,0 +1,130 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _SERVICE_PROVIDER_H
#define _SERVICE_PROVIDER_H
#include "remote_attestation_result.h"
#include "ias_ra.h"
#include "network_ra.h"
#ifdef __cplusplus
extern "C" {
#endif
typedef enum {
SP_OK,
SP_INTEGRITY_FAILED,
SP_QUOTE_VERIFICATION_FAILED,
SP_IAS_FAILED,
SP_INTERNAL_ERROR,
SP_PROTOCOL_ERROR,
} sp_ra_msg_status_t;
#pragma pack(push,1)
#define SAMPLE_SP_TAG_SIZE 16
#define SAMPLE_SP_IV_SIZE 12
typedef struct sample_ec_pub_t
{
uint8_t gx[SAMPLE_ECP_KEY_SIZE];
uint8_t gy[SAMPLE_ECP_KEY_SIZE];
} sample_ec_pub_t;
//fixed length to align with internal structure
typedef struct sample_ps_sec_prop_desc_t
{
uint8_t sample_ps_sec_prop_desc[256];
} sample_ps_sec_prop_desc_t;
#pragma pack(pop)
typedef uint32_t sample_ra_context_t;
typedef uint8_t sample_key_128bit_t[16];
typedef sample_key_128bit_t sample_ra_key_128_t;
typedef struct sample_ra_msg1_t
{
sample_ec_pub_t g_a; // the Endian-ness of Ga is
// Little-Endian
sample_epid_group_id_t gid; // the Endian-ness of GID is
// Little-Endian
} sample_ra_msg1_t;
//Key Derivation Function ID : 0x0001 AES-CMAC Entropy Extraction and Key Expansion
const uint16_t SAMPLE_AES_CMAC_KDF_ID = 0x0001;
typedef struct sample_ra_msg2_t
{
sample_ec_pub_t g_b; // the Endian-ness of Gb is
// Little-Endian
sample_spid_t spid;
uint16_t quote_type; /* unlinkable Quote(0) or linkable Quote(0) in little endian*/
uint16_t kdf_id; /* key derivation function id in little endian.
0x0001 for AES-CMAC Entropy Extraction and Key Derivation */
sample_ec_sign256_t sign_gb_ga; // In little endian
sample_mac_t mac; // mac_smk(g_b||spid||quote_type||
// sign_gb_ga)
uint32_t sig_rl_size;
uint8_t sig_rl[];
} sample_ra_msg2_t;
typedef struct sample_ra_msg3_t
{
sample_mac_t mac; // mac_smk(g_a||ps_sec_prop||quote)
sample_ec_pub_t g_a; // the Endian-ness of Ga is
// Little-Endian
sample_ps_sec_prop_desc_t ps_sec_prop;
uint8_t quote[];
} sample_ra_msg3_t;
int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1,
uint32_t msg1_size,
ra_samp_response_header_t **pp_msg2);
int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3,
uint32_t msg3_size,
ra_samp_response_header_t **pp_att_result_msg);
int sp_ra_free_msg2(
sample_ra_msg2_t *p_msg2);
#ifdef __cplusplus
}
#endif
#endif

219
SampleCode/SampleEnclave/.cproject Normal file
View File

@ -0,0 +1,219 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<?fileVersion 4.0.0?><cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
<storageModule moduleId="org.eclipse.cdt.core.settings">
<cconfiguration id="com.intel.sgx.configuration.Sim.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Debug" name="SGX Debug Sim Mode" parent="com.intel.sgx.configuration.Sim.Debug">
<folderInfo id="com.intel.sgx.configuration.Sim.Debug.292452237" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Debug.1618485184" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.1039454044" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder2.1591862020" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder2"/>
<tool id="com.intel.sgx.compiler.1853780321" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1427419865" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.1817588305" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Debug">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Debug" moduleId="org.eclipse.cdt.core.settings" name="SGX Debug HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Debug" name="SGX Debug HW Mode" parent="com.intel.sgx.configuration.HW.Debug">
<folderInfo id="com.intel.sgx.configuration.HW.Debug.971320034" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Debug.1761600540" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Debug">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.131147161" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder1.1502087524" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder1"/>
<tool id="com.intel.sgx.compiler.1085280084" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.57165741" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.79844751" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.Sim.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.Sim.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release Sim Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.Sim.Release" name="SGX Release Sim Mode" parent="com.intel.sgx.configuration.Sim.Release">
<folderInfo id="com.intel.sgx.configuration.Sim.Release.151408355" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.Sim.Release.1055083183" name="SGX GCC" superClass="com.intel.sgx.toolChain.Sim.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.471419902" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=SIM -f Makefile" command="make" id="com.intel.sgx.builder3.1151273037" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder3"/>
<tool id="com.intel.sgx.compiler.1302347316" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1645761127" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.640775034" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Prerelease">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Prerelease" moduleId="org.eclipse.cdt.core.settings" name="SGX Pre-release Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Prerelease" name="SGX Pre-release Release HW Mode" parent="com.intel.sgx.configuration.HW.Prerelease">
<folderInfo id="com.intel.sgx.configuration.HW.Prerelease.1418650208" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Prerelease.1668578385" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Prerelease">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.977258758" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_PRERELEASE=1 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder5.1888300852" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder5"/>
<tool id="com.intel.sgx.compiler.2113538546" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.904888562" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.283498732" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
<cconfiguration id="com.intel.sgx.configuration.HW.Release">
<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="com.intel.sgx.configuration.HW.Release" moduleId="org.eclipse.cdt.core.settings" name="SGX Release HW Mode">
<externalSettings/>
<extensions>
<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.MakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.VCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.autotools.core.ErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
</extensions>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<configuration artifactName="${ProjName}" buildProperties="" description="" id="com.intel.sgx.configuration.HW.Release" name="SGX Release HW Mode" parent="com.intel.sgx.configuration.HW.Release">
<folderInfo id="com.intel.sgx.configuration.HW.Release.1657582763" name="/" resourcePath="">
<toolChain id="com.intel.sgx.toolChain.HW.Release.465410401" name="SGX GCC" superClass="com.intel.sgx.toolChain.HW.Release">
<targetPlatform binaryParser="org.eclipse.cdt.core.ELF" id="com.intel.sgx.targetEnclave.828352216" isAbstract="false" superClass="com.intel.sgx.targetEnclave"/>
<builder arguments="SGX_DEBUG=0 SGX_MODE=HW -f Makefile" command="make" id="com.intel.sgx.builder6.714105790" keepEnvironmentInBuildfile="false" name="Software Guard Extensions Linux Builder" superClass="com.intel.sgx.builder6"/>
<tool id="com.intel.sgx.compiler.595797282" name="SGX GCC Compiler" superClass="com.intel.sgx.compiler">
<option id="com.intel.sgx.option.includePath.1385078253" superClass="com.intel.sgx.option.includePath" valueType="includePath">
<listOptionValue builtIn="false" value="/opt/intel/sgxsdk/include"/>
</option>
<inputType id="com.intel.sgx.inputType.463677873" superClass="com.intel.sgx.inputType"/>
</tool>
</toolChain>
</folderInfo>
</configuration>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
</cconfiguration>
</storageModule>
<storageModule moduleId="cdtBuildSystem" version="4.0.0">
<project id="SimpleEnclave.null.1312290154" name="SimpleEnclave"/>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
<storageModule moduleId="refreshScope" versionNumber="2">
<configuration configurationName="SGX Debug HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Debug Sim Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Debug">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="Release">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
<configuration configurationName="SGX Release HW Mode">
<resource resourceType="PROJECT" workspacePath="/SimpleEnclave"/>
</configuration>
</storageModule>
<storageModule moduleId="scannerConfiguration">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.release.680828348;cdt.managedbuild.config.gnu.exe.release.680828348.;cdt.managedbuild.tool.gnu.c.compiler.exe.release.2137539087;cdt.managedbuild.tool.gnu.c.compiler.input.762444756">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.SGXtoolChain.977521771;com.intel.sgx.SGXtoolChain.977521771.100429378;com.intel.sgx.compiler.787445976;com.intel.sgx.inputType.1814458059">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Release;com.intel.sgx.configuration.Sim.Release.151408355;com.intel.sgx.compiler.1302347316;com.intel.sgx.inputType.640775034">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="cdt.managedbuild.config.gnu.exe.debug.1377487595;cdt.managedbuild.config.gnu.exe.debug.1377487595.;cdt.managedbuild.tool.gnu.c.compiler.exe.debug.1972419354;cdt.managedbuild.tool.gnu.c.compiler.input.1480710981">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Release;com.intel.sgx.configuration.HW.Release.1657582763;com.intel.sgx.compiler.595797282;com.intel.sgx.inputType.463677873">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.Sim.Debug;com.intel.sgx.configuration.Sim.Debug.292452237;com.intel.sgx.compiler.1853780321;com.intel.sgx.inputType.1817588305">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Debug;com.intel.sgx.configuration.HW.Debug.971320034;com.intel.sgx.compiler.1085280084;com.intel.sgx.inputType.79844751">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
<scannerConfigBuildInfo instanceId="com.intel.sgx.configuration.HW.Prerelease;com.intel.sgx.configuration.HW.Prerelease.1418650208;com.intel.sgx.compiler.2113538546;com.intel.sgx.inputType.283498732">
<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId="com.intel.sgx.SGXPerProjectProfile"/>
</scannerConfigBuildInfo>
</storageModule>
<storageModule moduleId="org.eclipse.cdt.internal.ui.text.commentOwnerProjectMappings"/>
</cproject>

28
SampleCode/SampleEnclave/.project Normal file
View File

@ -0,0 +1,28 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>SimpleEnclave</name>
<comment></comment>
<projects>
</projects>
<buildSpec>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.genmakebuilder</name>
<triggers>clean,full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder</name>
<triggers>full,incremental,</triggers>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.cdt.core.cnature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.managedBuildNature</nature>
<nature>org.eclipse.cdt.managedbuilder.core.ScannerConfigNature</nature>
<nature>org.eclipse.cdt.core.ccnature</nature>
<nature>com.intel.sgx.sgxnature</nature>
</natures>
</projectDescription>

265
SampleCode/SampleEnclave/App/App.cpp Normal file
View File

@ -0,0 +1,265 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdio.h>
#include <string.h>
#include <assert.h>
# include <unistd.h>
# include <pwd.h>
# define MAX_PATH FILENAME_MAX
#include "sgx_urts.h"
#include "App.h"
#include "Enclave_u.h"
/* Global EID shared by multiple threads */
sgx_enclave_id_t global_eid = 0;
typedef struct _sgx_errlist_t {
sgx_status_t err;
const char *msg;
const char *sug; /* Suggestion */
} sgx_errlist_t;
/* Error code returned by sgx_create_enclave */
static sgx_errlist_t sgx_errlist[] = {
{
SGX_ERROR_UNEXPECTED,
"Unexpected error occurred.",
NULL
},
{
SGX_ERROR_INVALID_PARAMETER,
"Invalid parameter.",
NULL
},
{
SGX_ERROR_OUT_OF_MEMORY,
"Out of memory.",
NULL
},
{
SGX_ERROR_ENCLAVE_LOST,
"Power transition occurred.",
"Please refer to the sample \"PowerTransition\" for details."
},
{
SGX_ERROR_INVALID_ENCLAVE,
"Invalid enclave image.",
NULL
},
{
SGX_ERROR_INVALID_ENCLAVE_ID,
"Invalid enclave identification.",
NULL
},
{
SGX_ERROR_INVALID_SIGNATURE,
"Invalid enclave signature.",
NULL
},
{
SGX_ERROR_OUT_OF_EPC,
"Out of EPC memory.",
NULL
},
{
SGX_ERROR_NO_DEVICE,
"Invalid SGX device.",
"Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards."
},
{
SGX_ERROR_MEMORY_MAP_CONFLICT,
"Memory map conflicted.",
NULL
},
{
SGX_ERROR_INVALID_METADATA,
"Invalid enclave metadata.",
NULL
},
{
SGX_ERROR_DEVICE_BUSY,
"SGX device was busy.",
NULL
},
{
SGX_ERROR_INVALID_VERSION,
"Enclave version was invalid.",
NULL
},
{
SGX_ERROR_INVALID_ATTRIBUTE,
"Enclave was not authorized.",
NULL
},
{
SGX_ERROR_ENCLAVE_FILE_ACCESS,
"Can't open enclave file.",
NULL
},
};
/* Check error conditions for loading enclave */
void print_error_message(sgx_status_t ret)
{
size_t idx = 0;
size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0];
for (idx = 0; idx < ttl; idx++) {
if(ret == sgx_errlist[idx].err) {
if(NULL != sgx_errlist[idx].sug)
printf("Info: %s\n", sgx_errlist[idx].sug);
printf("Error: %s\n", sgx_errlist[idx].msg);
break;
}
}
if (idx == ttl)
printf("Error: Unexpected error occurred.\n");
}
/* Initialize the enclave:
* Step 1: try to retrieve the launch token saved by last transaction
* Step 2: call sgx_create_enclave to initialize an enclave instance
* Step 3: save the launch token if it is updated
*/
int initialize_enclave(void)
{
char token_path[MAX_PATH] = {'\0'};
sgx_launch_token_t token = {0};
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
int updated = 0;
/* Step 1: try to retrieve the launch token saved by last transaction
* if there is no token, then create a new one.
*/
/* try to get the token saved in $HOME */
const char *home_dir = getpwuid(getuid())->pw_dir;
if (home_dir != NULL &&
(strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) {
/* compose the token path */
strncpy(token_path, home_dir, strlen(home_dir));
strncat(token_path, "/", strlen("/"));
strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1);
} else {
/* if token path is too long or $HOME is NULL */
strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME));
}
FILE *fp = fopen(token_path, "rb");
if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) {
printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path);
}
if (fp != NULL) {
/* read the token from saved file */
size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp);
if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
/* if token is invalid, clear the buffer */
memset(&token, 0x0, sizeof(sgx_launch_token_t));
printf("Warning: Invalid launch token read from \"%s\".\n", token_path);
}
}
/* Step 2: call sgx_create_enclave to initialize an enclave instance */
/* Debug Support: set 2nd parameter to 1 */
ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL);
if (ret != SGX_SUCCESS) {
print_error_message(ret);
if (fp != NULL) fclose(fp);
return -1;
}
/* Step 3: save the launch token if it is updated */
if (updated == FALSE || fp == NULL) {
/* if the token is not updated, or file handler is invalid, do not perform saving */
if (fp != NULL) fclose(fp);
return 0;
}
/* reopen the file with write capablity */
fp = freopen(token_path, "wb", fp);
if (fp == NULL) return 0;
size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp);
if (write_num != sizeof(sgx_launch_token_t))
printf("Warning: Failed to save launch token to \"%s\".\n", token_path);
fclose(fp);
return 0;
}
/* OCall functions */
void ocall_print_string(const char *str)
{
/* Proxy/Bridge will check the length and null-terminate
* the input string to prevent buffer overflow.
*/
printf("%s", str);
}
/* Application entry */
int SGX_CDECL main(int argc, char *argv[])
{
(void)(argc);
(void)(argv);
/* Initialize the enclave */
if(initialize_enclave() < 0){
printf("Enter a character before exit ...\n");
getchar();
return -1;
}
/* Utilize edger8r attributes */
edger8r_array_attributes();
edger8r_pointer_attributes();
edger8r_type_attributes();
edger8r_function_attributes();
/* Utilize trusted libraries */
ecall_libc_functions();
ecall_libcxx_functions();
ecall_thread_functions();
/* Destroy the enclave */
sgx_destroy_enclave(global_eid);
printf("Info: SampleEnclave successfully returned.\n");
printf("Enter a character before exit ...\n");
getchar();
return 0;
}

74
SampleCode/SampleEnclave/App/App.h Normal file
View File

@ -0,0 +1,74 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _APP_H_
#define _APP_H_
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include "sgx_error.h" /* sgx_status_t */
#include "sgx_eid.h" /* sgx_enclave_id_t */
#ifndef TRUE
# define TRUE 1
#endif
#ifndef FALSE
# define FALSE 0
#endif
# define TOKEN_FILENAME "enclave.token"
# define ENCLAVE_FILENAME "enclave.signed.so"
extern sgx_enclave_id_t global_eid; /* global enclave id */
#if defined(__cplusplus)
extern "C" {
#endif
void edger8r_array_attributes(void);
void edger8r_type_attributes(void);
void edger8r_pointer_attributes(void);
void edger8r_function_attributes(void);
void ecall_libc_functions(void);
void ecall_libcxx_functions(void);
void ecall_thread_functions(void);
#if defined(__cplusplus)
}
#endif
#endif /* !_APP_H_ */

92
SampleCode/SampleEnclave/App/Edger8rSyntax/Arrays.cpp Normal file
View File

@ -0,0 +1,92 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "../App.h"
#include "Enclave_u.h"
/* edger8r_array_attributes:
* Invokes ECALLs declared with array attributes.
*/
void edger8r_array_attributes(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
/* user_check */
int arr1[4] = {0, 1, 2, 3};
ret = ecall_array_user_check(global_eid, arr1);
if (ret != SGX_SUCCESS)
abort();
/* make sure arr1 is changed */
for (int i = 0; i < 4; i++)
assert(arr1[i] == (3 - i));
/* in */
int arr2[4] = {0, 1, 2, 3};
ret = ecall_array_in(global_eid, arr2);
if (ret != SGX_SUCCESS)
abort();
/* arr2 is not changed */
for (int i = 0; i < 4; i++)
assert(arr2[i] == i);
/* out */
int arr3[4] = {0, 1, 2, 3};
ret = ecall_array_out(global_eid, arr3);
if (ret != SGX_SUCCESS)
abort();
/* arr3 is changed */
for (int i = 0; i < 4; i++)
assert(arr3[i] == (3 - i));
/* in, out */
int arr4[4] = {0, 1, 2, 3};
ret = ecall_array_in_out(global_eid, arr4);
if (ret != SGX_SUCCESS)
abort();
/* arr4 is changed */
for (int i = 0; i < 4; i++)
assert(arr4[i] == (3 - i));
/* isary */
array_t arr5 = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
ret = ecall_array_isary(global_eid, arr5);
if (ret != SGX_SUCCESS)
abort();
/* arr5 is changed */
for (int i = 0; i < 10; i++)
assert(arr5[i] == (9 - i));
}

72
SampleCode/SampleEnclave/App/Edger8rSyntax/Functions.cpp Normal file
View File

@ -0,0 +1,72 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "../App.h"
#include "Enclave_u.h"
/* No need to implement memccpy here! */
/* edger8r_function_attributes:
* Invokes ECALL declared with calling convention attributes.
* Invokes ECALL declared with [public].
*/
void edger8r_function_attributes(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_function_calling_convs(global_eid);
if (ret != SGX_SUCCESS)
abort();
ret = ecall_function_public(global_eid);
if (ret != SGX_SUCCESS)
abort();
/* user shall not invoke private function here */
int runned = 0;
ret = ecall_function_private(global_eid, &runned);
if (ret != SGX_ERROR_ECALL_NOT_ALLOWED || runned != 0)
abort();
}
/* ocall_function_allow:
* The OCALL invokes the [allow]ed ECALL 'edger8r_private'.
*/
void ocall_function_allow(void)
{
int runned = 0;
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_function_private(global_eid, &runned);
if (ret != SGX_SUCCESS || runned != 1)
abort();
}

149
SampleCode/SampleEnclave/App/Edger8rSyntax/Pointers.cpp Normal file
View File

@ -0,0 +1,149 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "../App.h"
#include "Enclave_u.h"
/* edger8r_pointer_attributes:
* Invokes the ECALLs declared with pointer attributes.
*/
void edger8r_pointer_attributes(void)
{
int val = 0;
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
char c[128] = {0};
size_t len = 0;
memset(c, 0xe, 128);
ret = ecall_pointer_user_check(global_eid, &len, &c, 128);
if (ret != SGX_SUCCESS)
abort();
assert(strcmp(c, "SGX_SUCCESS") == 0);
val = 0;
ret = ecall_pointer_in(global_eid, &val);
if (ret != SGX_SUCCESS)
abort();
assert(val == 0);
val = 0;
ret = ecall_pointer_out(global_eid, &val);
if (ret != SGX_SUCCESS)
abort();
assert(val == 1234);
val = 0;
ret = ecall_pointer_in_out(global_eid, &val);
if (ret != SGX_SUCCESS)
abort();
assert(val == 1234);
ret = ocall_pointer_attr(global_eid);
if (ret != SGX_SUCCESS)
abort();
char str1[] = "1234567890";
ret = ecall_pointer_string(global_eid, str1);
if (ret != SGX_SUCCESS)
abort();
assert(memcmp(str1, "0987654321", strlen(str1)) == 0);
const char str2[] = "1234567890";
ret = ecall_pointer_string_const(global_eid, str2);
if (ret != SGX_SUCCESS)
abort();
assert(memcmp(str2, "1234567890", strlen(str2)) == 0);
char str3[] = "1234567890";
ret = ecall_pointer_size(global_eid, (void*)str3, strlen(str3));
if (ret != SGX_SUCCESS)
abort();
assert(memcmp(str3, "0987654321", strlen(str3)) == 0);
char str4[] = "1234567890";
ret = ecall_pointer_isptr_readonly(global_eid, (buffer_t)str4, strlen(str4));
if (ret != SGX_SUCCESS)
abort();
assert(memcmp(str4, "1234567890", strlen(str4)) == 0);
int arr[10] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9};
ret = ecall_pointer_count(global_eid, arr, 10);
if (ret != SGX_SUCCESS)
abort();
for (int i = 0; i < 10; i++)
assert(arr[i] == (9 - i));
memset(arr, 0x0, sizeof(arr));
ret = ecall_pointer_sizefunc(global_eid, (char *)arr);
if (ret != SGX_SUCCESS)
abort();
for (int i = 0; i < 10; i++)
assert(arr[i] == i);
return;
}
/* ocall_pointer_user_check:
* The OCALL declared with [user_check].
*/
void ocall_pointer_user_check(int* val)
{
(void)val;
assert(val != NULL);
}
/* ocall_pointer_in:
* The OCALL declared with [in].
*/
void ocall_pointer_in(int* val)
{
*val = 1234;
}
/* ocall_pointer_out:
* The OCALL declared with [out].
*/
void ocall_pointer_out(int* val)
{
*val = 1234;
}
/* ocall_pointer_in_out:
* The OCALL declared with [in, out].
*/
void ocall_pointer_in_out(int* val)
{
*val = 1234;
}

77
SampleCode/SampleEnclave/App/Edger8rSyntax/Types.cpp Normal file
View File

@ -0,0 +1,77 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "../App.h"
#include "Enclave_u.h"
/* edger8r_type_attributes:
* Invokes ECALLs declared with basic types.
*/
void edger8r_type_attributes(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_type_char(global_eid, (char)0x12);
if (ret != SGX_SUCCESS)
abort();
ret = ecall_type_int(global_eid, (int)1234);
if (ret != SGX_SUCCESS)
abort();
ret = ecall_type_float(global_eid, (float)1234.0);
if (ret != SGX_SUCCESS)
abort();
ret = ecall_type_double(global_eid, (double)1234.5678);
if (ret != SGX_SUCCESS)
abort();
ret = ecall_type_size_t(global_eid, (size_t)12345678);
if (ret != SGX_SUCCESS)
abort();
ret = ecall_type_wchar_t(global_eid, (wchar_t)0x1234);
if (ret != SGX_SUCCESS)
abort();
struct struct_foo_t g = {1234, 5678};
ret = ecall_type_struct(global_eid, g);
if (ret != SGX_SUCCESS)
abort();
union union_foo_t val = {0};
ret = ecall_type_enum_union(global_eid, ENUM_FOO_0, &val);
if (ret != SGX_SUCCESS)
abort();
assert(val.union_foo_0 == 2);
}

51
SampleCode/SampleEnclave/App/TrustedLibrary/Libc.cpp Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "../App.h"
#include "Enclave_u.h"
/* ecall_libc_functions:
* Invokes standard C functions.
*/
void ecall_libc_functions(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_malloc_free(global_eid);
if (ret != SGX_SUCCESS)
abort();
int cpuid[4] = {0x1, 0x0, 0x0, 0x0};
ret = ecall_sgx_cpuid(global_eid, cpuid, 0x0);
if (ret != SGX_SUCCESS)
abort();
}

51
SampleCode/SampleEnclave/App/TrustedLibrary/Libcxx.cpp Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdio.h>
#include "../App.h"
#include "Enclave_u.h"
/* ecall_libcxx_functions:
* Invokes standard C++ functions.
*/
void ecall_libcxx_functions(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_exception(global_eid);
if (ret != SGX_SUCCESS)
abort();
ret = ecall_map(global_eid);
if (ret != SGX_SUCCESS)
abort();
}

98
SampleCode/SampleEnclave/App/TrustedLibrary/Thread.cpp Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <thread>
#include <stdio.h>
using namespace std;
#include "../App.h"
#include "Enclave_u.h"
static size_t counter = 0;
void increase_counter(void)
{
size_t cnr = 0;
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_increase_counter(global_eid, &cnr);
if (cnr != 0) counter = cnr;
if (ret != SGX_SUCCESS)
abort();
}
void data_producer(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_producer(global_eid);
if (ret != SGX_SUCCESS)
abort();
}
void data_consumer(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ecall_consumer(global_eid);
if (ret != SGX_SUCCESS)
abort();
}
/* ecall_thread_functions:
* Invokes thread functions including mutex, condition variable, etc.
*/
void ecall_thread_functions(void)
{
thread adder1(increase_counter);
thread adder2(increase_counter);
thread adder3(increase_counter);
thread adder4(increase_counter);
adder1.join();
adder2.join();
adder3.join();
adder4.join();
assert(counter == 4*LOOPS_PER_THREAD);
printf("Info: executing thread synchronization, please wait... \n");
/* condition variable */
thread consumer1(data_consumer);
thread producer0(data_producer);
thread consumer2(data_consumer);
thread consumer3(data_consumer);
thread consumer4(data_consumer);
consumer1.join();
consumer2.join();
consumer3.join();
consumer4.join();
producer0.join();
}

102
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Arrays.cpp Normal file
View File

@ -0,0 +1,102 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Test Array Attributes */
#include "sgx_trts.h"
#include "../Enclave.h"
#include "Enclave_t.h"
/* ecall_array_user_check:
* [user_check] parameter does not perfrom copy operations.
*/
void ecall_array_user_check(int arr[4])
{
if (sgx_is_outside_enclave(arr, 4 * sizeof(int)) != 1)
abort();
for (int i = 0; i < 4; i++) {
assert(arr[i] == i);
arr[i] = 3 - i;
}
}
/* ecall_array_in:
* arr[] is copied to trusted domain, but modified
* results will not be reflected to the untrusted side.
*/
void ecall_array_in(int arr[4])
{
for (int i = 0; i < 4; i++) {
assert(arr[i] == i);
arr[i] = (3 - i);
}
}
/* ecall_array_out:
* arr[] is allocated inside the enclave, and it will be copied
* to the untrusted side
*/
void ecall_array_out(int arr[4])
{
for (int i = 0; i < 4; i++) {
/* arr is not copied from App */
assert(arr[i] == 0);
arr[i] = (3 - i);
}
}
/* ecall_array_in_out:
* arr[] will be allocated inside the enclave, content of arr[] will be copied either.
* After ECALL returns, the results will be copied to the outside.
*/
void ecall_array_in_out(int arr[4])
{
for (int i = 0; i < 4; i++) {
assert(arr[i] == i);
arr[i] = (3 - i);
}
}
/* ecall_array_isary:
* [isary] tells Edger8r that user defined 'array_t' is an array type.
*/
void ecall_array_isary(array_t arr)
{
if (sgx_is_outside_enclave(arr, sizeof(array_t)) != 1)
abort();
int n = sizeof(array_t)/sizeof(arr[0]);
for (int i = 0; i < n; i++) {
assert(arr[i] == i);
arr[i] = (n - 1 - i);
}
}

98
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Arrays.edl Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Arrays.edl - Samples for array attributes. */
enclave {
/*
* Only for fixed-size array (size is explicitly specified).
*/
trusted {
/*
* []: can be used to declare an array.
* [user_check]:
* pointer of the array won't be valified, and the buffer pointed by 'arr'
* is not copied into the enclave either. But enclave can modify the memory outside.
*/
public void ecall_array_user_check([user_check] int arr[4]);
/*
* [in]:
* buffer for the array will be allocated inside the enclave,
* content of the array will be copied into the new allocated memory inside.
* Any changes performed inside the enclave will not affect the array outside.
*/
public void ecall_array_in([in] int arr[4]);
/*
* [out]:
* buffer for the array will be allocated inside the enclave,
* but the content of the array won't be copied. After ECALL returns,
* the buffer inside the enclave will copied into outside array.
*/
public void ecall_array_out([out] int arr[4]);
/*
* [in, out]:
* buffer for the array will be allocated inside the enclave,
* the content of the array will be copied either. After ECALL returns,
* the buffer inside the enclave will by copied into outside array again.
*/
public void ecall_array_in_out([in, out] int arr[4]);
/*
* [isary]:
* tells Edger8r the user defined 'array_t' is an array type, 'arr' will be
* treated as a pointer, no memory copied either due to [user_check].
* For OCALLs, 'arr' shall point to the memory outside the enclave.
*/
public void ecall_array_isary([user_check, isary] array_t arr);
};
untrusted {
/*
* [user_check|in|out|in,out|isary] can also be used in OCALLs, refer to the "User Guide" for details.
*/
};
};

84
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Functions.cpp Normal file
View File

@ -0,0 +1,84 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Test Calling Conventions */
#include <string.h>
#include <stdio.h>
#include "../Enclave.h"
#include "Enclave_t.h"
/* ecall_function_calling_convs:
* memccpy is defined in system C library.
*/
void ecall_function_calling_convs(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
char s1[] = "1234567890";
char s2[] = "0987654321";
char buf[BUFSIZ] = {'\0'};
memcpy(buf, s1, strlen(s1));
ret = memccpy(NULL, s1, s2, '\0', strlen(s1));
if (ret != SGX_SUCCESS)
abort();
assert(memcmp(s1, s2, strlen(s1)) == 0);
return;
}
/* ecall_function_public:
* The public ECALL that invokes the OCALL 'ocall_function_allow'.
*/
void ecall_function_public(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
ret = ocall_function_allow();
if (ret != SGX_SUCCESS)
abort();
return;
}
/* ecall_function_private:
* The private ECALL that only can be invoked in the OCALL 'ocall_function_allow'.
*/
int ecall_function_private(void)
{
return 1;
}

88
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Functions.edl Normal file
View File

@ -0,0 +1,88 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Functions.edl - Samples for function attributes. */
enclave {
/*
* Following keywords/attributes are supported for untrusted functions:
* cdecl, stdcall, fastcall, dllimport (only for Windows).
* [public] is only supported for the trusted functions.
* Trusted function will be treated as [private] w/o the [public].
*/
trusted {
public void ecall_function_calling_convs(void);
/*
* [public]:
* public ECALL can be called directly in App.
*/
public void ecall_function_public(void);
/*
* [private]:
* private ECALL cannot be called directly in App.
*/
int ecall_function_private(void);
};
untrusted {
/*
* [cdecl]:
* tells edger8r the calling convention of the OCALLs is 'cdecl'.
* [dllimport]:
* indicats the OCALL is provided in DLLs.
*
* Note: memccpy() is provided by MS system DLL, we don't need to implement it in App side.
*/
[cdecl, dllimport] void *memccpy([in, out, size=len] void *dest, [in, size=len] const void *src, int val, size_t len);
/*
* [allow]:
* OCALL 'ocall_function_allow' can invoke ECALL 'ecall_function_private' in App side.
*
* Note: No ECALL can be called in OCALL w/o [allow].
*/
void ocall_function_allow(void) allow(ecall_function_private);
};
};

217
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.cpp Normal file
View File

@ -0,0 +1,217 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Test Pointer Auttributes */
#include <sys/types.h>
#include <string.h>
#include "sgx_trts.h"
#include "../Enclave.h"
#include "Enclave_t.h"
/* checksum_internal:
* get simple checksum of input buffer and length
*/
int32_t checksum_internal(char *buf, size_t count)
{
register int32_t sum = 0;
int16_t *ptr = (int16_t *)buf;
/* Main summing loop */
while(count > 1) {
sum = sum + *ptr++;
count = count - 2;
}
/* Add left-over byte, if any */
if (count > 0)
sum = sum + *((char *)ptr);
return ~sum;
}
/* ecall_pointer_user_check, ecall_pointer_in, ecall_pointer_out, ecall_pointer_in_out:
* The root ECALLs to test [in], [out], [user_check] attributes.
*/
size_t ecall_pointer_user_check(void *val, size_t sz)
{
/* check if the buffer is allocated outside */
if (sgx_is_outside_enclave(val, sz) != 1)
abort();
char tmp[100] = {0};
size_t len = sz>100?100:sz;
/* copy the memory into the enclave to make sure 'val'
* is not being changed in checksum_internal() */
memcpy(tmp, val, len);
int32_t sum = checksum_internal((char *)tmp, len);
printf("Checksum(0x%p, %zu) = 0x%x\n",
val, len, sum);
/* modify outside memory directly */
memcpy(val, "SGX_SUCCESS", len>12?12:len);
return len;
}
/* ecall_pointer_in:
* the buffer of val is copied to the enclave.
*/
void ecall_pointer_in(int *val)
{
if (sgx_is_within_enclave(val, sizeof(int)) != 1)
abort();
*val = 1234;
}
/* ecall_pointer_out:
* the buffer of val is copied to the untrusted side.
*/
void ecall_pointer_out(int *val)
{
if (sgx_is_within_enclave(val, sizeof(int)) != 1)
abort();
assert(*val == 0);
*val = 1234;
}
/* ecall_pointer_in_out:
* the buffer of val is double-copied.
*/
void ecall_pointer_in_out(int *val)
{
if (sgx_is_within_enclave(val, sizeof(int)) != 1)
abort();
*val = 1234;
}
/* ocall_pointer_attr:
* The root ECALL that test OCALL [in], [out], [user_check].
*/
void ocall_pointer_attr(void)
{
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
int val = 0;
ret = ocall_pointer_user_check(&val);
if (ret != SGX_SUCCESS)
abort();
val = 0;
ret = ocall_pointer_in(&val);
if (ret != SGX_SUCCESS)
abort();
assert(val == 0);
val = 0;
ret = ocall_pointer_out(&val);
if (ret != SGX_SUCCESS)
abort();
assert(val == 1234);
val = 0;
ret = ocall_pointer_in_out(&val);
if (ret != SGX_SUCCESS)
abort();
assert(val == 1234);
return;
}
/* ecall_pointer_string:
* [string] defines a string.
*/
void ecall_pointer_string(char *str)
{
strncpy(str, "0987654321", strlen(str));
}
/* ecall_pointer_string_const:
* const [string] defines a string that cannot be modified.
*/
void ecall_pointer_string_const(const char *str)
{
char* temp = new char[strlen(str)];
strncpy(temp, str, strlen(str));
delete []temp;
}
/* ecall_pointer_size:
* 'len' needs to be specified to tell Edger8r the length of 'str'.
*/
void ecall_pointer_size(void *ptr, size_t len)
{
strncpy((char*)ptr, "0987654321", len);
}
/* ecall_pointer_count:
* 'cnt' needs to be specified to tell Edger8r the number of elements in 'arr'.
*/
void ecall_pointer_count(int *arr, int cnt)
{
for (int i = (cnt - 1); i >= 0; i--)
arr[i] = (cnt - 1 - i);
}
/* ecall_pointer_isptr_readonly:
* 'buf' is user defined type, shall be tagged with [isptr].
* if it's not writable, [readonly] shall be specified.
*/
void ecall_pointer_isptr_readonly(buffer_t buf, size_t len)
{
strncpy((char*)buf, "0987654321", len);
}
/* get_buffer_len:
* get the length of input buffer 'buf'.
*/
size_t get_buffer_len(const char* buf)
{
(void)buf;
return 10*sizeof(int);
}
/* ecall_pointer_sizefunc:
* call get_buffer_len to determin the length of 'buf'.
*/
void ecall_pointer_sizefunc(char *buf)
{
int *tmp = (int*)buf;
for (int i = 0; i < 10; i++) {
assert(tmp[i] == 0);
tmp[i] = i;
}
}

190
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Pointers.edl Normal file
View File

@ -0,0 +1,190 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Pointers.edl - Samples for pointer attributes. */
enclave {
/*
* Following keywords/attributes are supported for pointers in Edger8r:
* in, out, user_check,
* string, wstring,
* const, size, count, sizefunc, isptr, readonly
*/
trusted {
/*
* [user_check]:
* the pointer won't be validated, and the buffer pointed by
* 'val' is not copied into the enclave either. But Enclave
* can modify the memory pointed by 'val'.
*/
public size_t ecall_pointer_user_check([user_check] void *val, size_t sz);
/*
* [in]:
* buffer with the same size will be allocated inside the enclave,
* content pointed by 'val' will be copied into the new allocated
* memory inside. Any changes performed inside the enclave will not
* affect the buffer outside.
*/
public void ecall_pointer_in([in] int *val);
/*
* [out]:
* buffer with the same size will be allocated inside the enclave,
* but the content pointed by 'val' won't be copied. But after return,
* the buffer inside the enclave will copied into outside 'val'.
*/
public void ecall_pointer_out([out] int *val);
/*
* [in, out]:
* buffer with the same size will be allocated inside the enclave,
* the content pointed by 'val' will be copied either. After return,
* the buffer inside the enclave will by copied into outside 'val' again.
*/
public void ecall_pointer_in_out([in, out] int *val);
/*
* [string]:
* the attribute tells Edger8r 'str' is NULL terminated string, so strlen
* will be used to count the length of buffer pointed by 'str'.
*/
public void ecall_pointer_string([in, out, string] char *str);
/*
* [const]:
* the attribute tells Edger8r the buffer pointed by 'str' cannot be modified,
* so users cannot decorate 'str' with [out] attribute anymore.
*/
public void ecall_pointer_string_const([in, string] const char *str);
/*
* [size]:
* the attribute tells Edger8r the length of buffer in byte pointed by 'ptr'
* (shall be copied or not).
* Note: Users shall not specify [size] on [string] parameters.
*/
public void ecall_pointer_size([in, out, size=len] void *ptr, size_t len);
/*
* [count]:
* the attribute tells Edger8r the number of integers to be copied from 'arr'.
*/
public void ecall_pointer_count([in, out, count=cnt] int *arr, int cnt);
/*
* [isptr]:
* tells Edger8r the user defined type is a pointer;
* [readonly]:
* forbids the buffer allocated inside the enclave to be copied back to App
* (cannot use with [out]).
*/
public void ecall_pointer_isptr_readonly([in, isptr, readonly, size=len] buffer_t buf, size_t len);
/*
* [sizefunc]:
* call a function to decide the size/length of the parameter;
* Note:
* User need to define and implement `get_buf_len' as:
* size_t get_buf_len(const char* buf);
*/
public void ecall_pointer_sizefunc([sizefunc = get_buffer_len, in, out] char *buf);
};
/*
* Users can define multiple trusted/untrusted blocks,
* edger8r will merged them into one trusted/untrusted block.
*/
trusted {
/*
* Test pointer attributes in OCALLs
*/
public void ocall_pointer_attr(void);
};
untrusted {
/*
* [user_check]:
* the pointer won't be valified, and the buffer pointed by 'val' is not
* copied to outside buffer either. Besides 'App' cannot modify the memory
* pointer by 'val'.
*/
void ocall_pointer_user_check([user_check] int *val);
/*
* [in]:
* buffer with the same size will be allocated in 'App' side, the content
* pointed by 'val' will be copied into the new allocated memory outside.
* Any changes performed by 'App' will not affect the buffer pointed by 'val'.
*/
void ocall_pointer_in([in] int *val);
/*
* [out]:
* buffer with the same size will be allocated in 'App' side, the content
* pointed by 'val' won't be copied. But after return, the buffer outside
* will be copied into the enclave.
*/
void ocall_pointer_out([out] int *val);
/*
* [in, out]:
* buffer with the same size will be allocated in 'App' side, the content
* pointed by 'val' will be copied either. After return, the buffer outside
* will copied into the enclave.
*/
void ocall_pointer_in_out([in, out] int *val);
};
};

155
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Types.cpp Normal file
View File

@ -0,0 +1,155 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Test Basic Types */
#include "sgx_trts.h"
#include "../Enclave.h"
#include "Enclave_t.h"
#include <limits>
#include <cmath>
/* used to eliminate `unused variable' warning */
#define UNUSED(val) (void)(val)
#define ULP 2
/* used to compare double variables in order to avoid compile warnings */
bool almost_equal(double x, double y)
{
/* the machine epsilon has to be scaled to the magnitude of the larger value
and multiplied by the desired precision in ULPs (units in the last place) */
return std::abs(x-y) <= std::numeric_limits<double>::epsilon() * std::abs(x+y) * ULP;
}
/* used to compare double variables in order to avoid compile warnings */
bool almost_equal(float x, float y)
{
/* the machine epsilon has to be scaled to the magnitude of the larger value
and multiplied by the desired precision in ULPs (units in the last place) */
return std::abs(x-y) <= std::numeric_limits<float>::epsilon() * std::abs(x+y) * ULP;
}
/* ecall_type_char:
* [char] value passed by App.
*/
void ecall_type_char(char val)
{
assert(val == 0x12);
#ifndef DEBUG
UNUSED(val);
#endif
}
/* ecall_type_int:
* [int] value passed by App.
*/
void ecall_type_int(int val)
{
assert(val == 1234);
#ifndef DEBUG
UNUSED(val);
#endif
}
/* ecall_type_float:
* [float] value passed by App.
*/
void ecall_type_float(float val)
{
assert(almost_equal(val, (float)1234.0));
#ifndef DEBUG
UNUSED(val);
#endif
}
/* ecall_type_double:
* [double] value passed by App.
*/
void ecall_type_double(double val)
{
assert(almost_equal(val, (double)1234.5678));
#ifndef DEBUG
UNUSED(val);
#endif
}
/* ecall_type_size_t:
* [size_t] value passed by App.
*/
void ecall_type_size_t(size_t val)
{
assert(val == (size_t)12345678);
#ifndef DEBUG
UNUSED(val);
#endif
}
/* ecall_type_wchar_t:
* [wchar_t] value passed by App.
*/
void ecall_type_wchar_t(wchar_t val)
{
assert(val == (wchar_t)0x1234);
#ifndef DEBUG
UNUSED(val);
#endif
}
/* ecall_type_struct:
* struct_foo_t is defined in EDL and can be used in ECALL.
*/
void ecall_type_struct(struct struct_foo_t val)
{
assert(val.struct_foo_0 == 1234);
assert(val.struct_foo_1 == 5678);
#ifndef DEBUG
UNUSED(val);
#endif
}
/*
* ecall_type_enum_union:
* enum_foo_t/union_foo_t is defined in EDL
* and can be used in ECALL.
*/
void ecall_type_enum_union(enum enum_foo_t val1, union union_foo_t *val2)
{
if (sgx_is_outside_enclave(val2, sizeof(union union_foo_t)) != 1)
abort();
val2->union_foo_0 = 1;
val2->union_foo_1 = 2; /* overwrite union_foo_0 */
assert(val1 == ENUM_FOO_0);
#ifndef DEBUG
UNUSED(val1);
#endif
}

87
SampleCode/SampleEnclave/Enclave/Edger8rSyntax/Types.edl Normal file
View File

@ -0,0 +1,87 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Types.edl - Samples for basic types. */
enclave {
/*
* Following types can be supported in Edger8r:
* char, short, int, float, double, void,
* int8_t, int16_t, int32_t, int64_t,
* size_t, wchar_t,
* uint8_t, uint16_t, uint32_t, uint64_t,
* unsigned, struct, enum, union.
*/
/*
* We will demo few types in ECALL functions, data
* types in OCALL functions can be handled either.
*/
/* structure definition */
struct struct_foo_t {
/* Basic types can be used in structure. */
uint32_t struct_foo_0;
uint64_t struct_foo_1;
};
/* enum definition */
enum enum_foo_t {
ENUM_FOO_0 = 0,
ENUM_FOO_1 = 1
};
/* union definition */
union union_foo_t {
uint32_t union_foo_0;
uint32_t union_foo_1;
uint64_t union_foo_3;
};
trusted {
public void ecall_type_char(char val);
public void ecall_type_int(int val);
public void ecall_type_float(float val);
public void ecall_type_double(double val);
public void ecall_type_size_t(size_t val);
public void ecall_type_wchar_t(wchar_t val);
public void ecall_type_struct(struct struct_foo_t val);
public void ecall_type_enum_union(enum enum_foo_t val1, [user_check] union union_foo_t *val2);
/* for using user defined types, please refer to Pointers.edl, Arrays.edl. */
};
};

12
SampleCode/SampleEnclave/Enclave/Enclave.config.xml Normal file
View File

@ -0,0 +1,12 @@
<!-- Please refer to User's Guide for the explanation of each field -->
<EnclaveConfiguration>
<ProdID>0</ProdID>
<ISVSVN>0</ISVSVN>
<StackMaxSize>0x40000</StackMaxSize>
<HeapMaxSize>0x100000</HeapMaxSize>
<TCSNum>10</TCSNum>
<TCSPolicy>1</TCSPolicy>
<DisableDebug>0</DisableDebug>
<MiscSelect>0</MiscSelect>
<MiscMask>0xFFFFFFFF</MiscMask>
</EnclaveConfiguration>

51
SampleCode/SampleEnclave/Enclave/Enclave.cpp Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <stdarg.h>
#include <stdio.h> /* vsnprintf */
#include "Enclave.h"
#include "Enclave_t.h" /* print_string */
/*
* printf:
* Invokes OCALL to display the enclave buffer to the terminal.
*/
void printf(const char *fmt, ...)
{
char buf[BUFSIZ] = {'\0'};
va_list ap;
va_start(ap, fmt);
vsnprintf(buf, BUFSIZ, fmt, ap);
va_end(ap);
ocall_print_string(buf);
}

62
SampleCode/SampleEnclave/Enclave/Enclave.edl Normal file
View File

@ -0,0 +1,62 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Enclave.edl - Top EDL file. */
enclave {
include "user_types.h" /* buffer_t */
/* Import ECALL/OCALL from sub-directory EDLs.
* [from]: specifies the location of EDL file.
* [import]: specifies the functions to import,
* [*]: implies to import all functions.
*/
from "Edger8rSyntax/Types.edl" import *;
from "Edger8rSyntax/Pointers.edl" import *;
from "Edger8rSyntax/Arrays.edl" import *;
from "Edger8rSyntax/Functions.edl" import *;
from "TrustedLibrary/Libc.edl" import *;
from "TrustedLibrary/Libcxx.edl" import ecall_exception, ecall_map;
from "TrustedLibrary/Thread.edl" import *;
/*
* ocall_print_string - invokes OCALL to display string buffer inside the enclave.
* [in]: copy the string buffer to App outside.
* [string]: specifies 'str' is a NULL terminated buffer.
*/
untrusted {
void ocall_print_string([in, string] const char *str);
};
};

49
SampleCode/SampleEnclave/Enclave/Enclave.h Normal file
View File

@ -0,0 +1,49 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#ifndef _ENCLAVE_H_
#define _ENCLAVE_H_
#include <stdlib.h>
#include <assert.h>
#if defined(__cplusplus)
extern "C" {
#endif
void printf(const char *fmt, ...);
#if defined(__cplusplus)
}
#endif
#endif /* !_ENCLAVE_H_ */

9
SampleCode/SampleEnclave/Enclave/Enclave.lds Normal file
View File

@ -0,0 +1,9 @@
enclave.so
{
global:
g_global_data_sim;
g_global_data;
enclave_entry;
local:
*;
};

39
SampleCode/SampleEnclave/Enclave/Enclave_private.pem Normal file
View File

@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
-----END RSA PRIVATE KEY-----

59
SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libc.cpp Normal file
View File

@ -0,0 +1,59 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <string.h>
#include <sgx_cpuid.h>
#include "sgx_trts.h"
#include "../Enclave.h"
#include "Enclave_t.h"
/* ecall_malloc_free:
* Uses malloc/free to allocate/free trusted memory.
*/
void ecall_malloc_free(void)
{
void *ptr = malloc(100);
assert(ptr != NULL);
memset(ptr, 0x0, 100);
free(ptr);
}
/* ecall_sgx_cpuid:
* Uses sgx_cpuid to get CPU features and types.
*/
void ecall_sgx_cpuid(int cpuinfo[4], int leaf)
{
sgx_status_t ret = sgx_cpuid(cpuinfo, leaf);
if (ret != SGX_SUCCESS)
abort();
}

55
SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libc.edl Normal file
View File

@ -0,0 +1,55 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Libc.edl - EDL sample for trusted C library. */
enclave {
from "sgx_tstdc.edl" import sgx_oc_cpuidex;
/*
* A subset of the C99 standard is supported as well as SGX customized functions:
* sgx_cpuid, etc.
*/
trusted {
/*
* Utilize malloc/free in enclave.
*/
public void ecall_malloc_free(void);
/*
* Utilize SGX version __cpuid() in enclave.
*/
public void ecall_sgx_cpuid([in, out] int cpuinfo[4], int leaf);
};
};

89
SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libcxx.cpp Normal file
View File

@ -0,0 +1,89 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include <cstdlib>
#include <string>
#include "../Enclave.h"
#include "Enclave_t.h"
/*
* ecall_exception:
* throw/catch C++ exception inside the enclave.
*/
void ecall_exception(void)
{
std::string foo = "foo";
try {
throw std::runtime_error(foo);
}
catch (std::runtime_error const& e) {
assert( foo == e.what() );
std::runtime_error clone("");
clone = e;
assert(foo == clone.what() );
}
catch (...) {
assert( false );
}
}
#include <map>
#include <algorithm>
using namespace std;
/*
* ecall_map:
* Utilize STL <map> in the enclave.
*/
void ecall_map(void)
{
typedef map<char, int, less<char> > map_t;
typedef map_t::value_type map_value;
map_t m;
m.insert(map_value('a', 1));
m.insert(map_value('b', 2));
m.insert(map_value('c', 3));
m.insert(map_value('d', 4));
assert(m['a'] == 1);
assert(m['b'] == 2);
assert(m['c'] == 3);
assert(m['d'] == 4);
assert(m.find('e') == m.end());
return;
}

52
SampleCode/SampleEnclave/Enclave/TrustedLibrary/Libcxx.edl Normal file
View File

@ -0,0 +1,52 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Libcxx.edl - EDL sample for trusted C++ library. */
enclave {
/*
* A subset of the C++03 standard is supported.
*/
trusted {
/*
* Throw/catch exception inside the enclave.
*/
public void ecall_exception(void);
/*
* Utilize <map> inside the enclave.
*/
public void ecall_map(void);
};
};

104
SampleCode/SampleEnclave/Enclave/TrustedLibrary/Thread.cpp Normal file
View File

@ -0,0 +1,104 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#include "../Enclave.h"
#include "Enclave_t.h"
#include <sgx_thread.h>
static size_t global_counter = 0;
static sgx_thread_mutex_t global_mutex = SGX_THREAD_MUTEX_INITIALIZER;
#define BUFFER_SIZE 50
typedef struct {
int buf[BUFFER_SIZE];
int occupied;
int nextin;
int nextout;
sgx_thread_mutex_t mutex;
sgx_thread_cond_t more;
sgx_thread_cond_t less;
} cond_buffer_t;
static cond_buffer_t buffer = {{0, 0, 0, 0, 0, 0}, 0, 0, 0,
SGX_THREAD_MUTEX_INITIALIZER, SGX_THREAD_COND_INITIALIZER, SGX_THREAD_COND_INITIALIZER};
/*
* ecall_increase_counter:
* Utilize thread APIs inside the enclave.
*/
size_t ecall_increase_counter(void)
{
size_t ret = 0;
for (int i = 0; i < LOOPS_PER_THREAD; i++) {
sgx_thread_mutex_lock(&global_mutex);
/* mutually exclusive adding */
size_t tmp = global_counter;
global_counter = ++tmp;
if (4*LOOPS_PER_THREAD == global_counter)
ret = global_counter;
sgx_thread_mutex_unlock(&global_mutex);
}
return ret;
}
void ecall_producer(void)
{
for (int i = 0; i < 4*LOOPS_PER_THREAD; i++) {
cond_buffer_t *b = &buffer;
sgx_thread_mutex_lock(&b->mutex);
while (b->occupied >= BUFFER_SIZE)
sgx_thread_cond_wait(&b->less, &b->mutex);
b->buf[b->nextin] = b->nextin;
b->nextin++;
b->nextin %= BUFFER_SIZE;
b->occupied++;
sgx_thread_cond_signal(&b->more);
sgx_thread_mutex_unlock(&b->mutex);
}
}
void ecall_consumer(void)
{
for (int i = 0; i < LOOPS_PER_THREAD; i++) {
cond_buffer_t *b = &buffer;
sgx_thread_mutex_lock(&b->mutex);
while(b->occupied <= 0)
sgx_thread_cond_wait(&b->more, &b->mutex);
b->buf[b->nextout++] = 0;
b->nextout %= BUFFER_SIZE;
b->occupied--;
sgx_thread_cond_signal(&b->less);
sgx_thread_mutex_unlock(&b->mutex);
}
}

51
SampleCode/SampleEnclave/Enclave/TrustedLibrary/Thread.edl Normal file
View File

@ -0,0 +1,51 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* Thread.edl - EDL sample for trusted thread library. */
enclave {
from "sgx_tstdc.edl" import sgx_thread_wait_untrusted_event_ocall, sgx_thread_set_untrusted_event_ocall, sgx_thread_setwait_untrusted_events_ocall, sgx_thread_set_multiple_untrusted_events_ocall;
trusted {
/*
* Use SGX mutex.
*/
public size_t ecall_increase_counter();
/*
* Use SGX condition variables.
*/
public void ecall_producer();
public void ecall_consumer();
};
};

40
SampleCode/SampleEnclave/Include/user_types.h Normal file
View File

@ -0,0 +1,40 @@
/*
* Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/* User defined types */
#define LOOPS_PER_THREAD 500
typedef void *buffer_t;
typedef int array_t[10];

209
SampleCode/SampleEnclave/Makefile Normal file
View File

@ -0,0 +1,209 @@
#
# Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the
# distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
######## SGX SDK Settings ########
SGX_SDK ?= /opt/intel/sgxsdk
SGX_MODE ?= SIM
SGX_ARCH ?= x64
ifeq ($(shell getconf LONG_BIT), 32)
SGX_ARCH := x86
else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
SGX_ARCH := x86
endif
ifeq ($(SGX_ARCH), x86)
SGX_COMMON_CFLAGS := -m32
SGX_LIBRARY_PATH := $(SGX_SDK)/lib
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
else
SGX_COMMON_CFLAGS := -m64
SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
endif
ifeq ($(SGX_DEBUG), 1)
ifeq ($(SGX_PRERELEASE), 1)
$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
endif
endif
ifeq ($(SGX_DEBUG), 1)
SGX_COMMON_CFLAGS += -O0 -g
else
SGX_COMMON_CFLAGS += -O2
endif
######## App Settings ########
ifneq ($(SGX_MODE), HW)
Urts_Library_Name := sgx_urts_sim
else
Urts_Library_Name := sgx_urts
endif
App_Cpp_Files := App/App.cpp $(wildcard App/Edger8rSyntax/*.cpp) $(wildcard App/TrustedLibrary/*.cpp)
App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include
App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths)
# Three configuration modes - Debug, prerelease, release
# Debug - Macro DEBUG enabled.
# Prerelease - Macro NDEBUG and EDEBUG enabled.
# Release - Macro NDEBUG enabled.
ifeq ($(SGX_DEBUG), 1)
App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG
else ifeq ($(SGX_PRERELEASE), 1)
App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG
else
App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG
endif
App_Cpp_Flags := $(App_C_Flags) -std=c++11
App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread
ifneq ($(SGX_MODE), HW)
App_Link_Flags += -lsgx_uae_service_sim
else
App_Link_Flags += -lsgx_uae_service
endif
App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o)
App_Name := app
######## Enclave Settings ########
ifneq ($(SGX_MODE), HW)
Trts_Library_Name := sgx_trts_sim
Service_Library_Name := sgx_tservice_sim
else
Trts_Library_Name := sgx_trts
Service_Library_Name := sgx_tservice
endif
Crypto_Library_Name := sgx_tcrypto
Enclave_Cpp_Files := Enclave/Enclave.cpp $(wildcard Enclave/Edger8rSyntax/*.cpp) $(wildcard Enclave/TrustedLibrary/*.cpp)
Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport
Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths)
Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++
Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--defsym,__ImageBase=0 \
-Wl,--version-script=Enclave/Enclave.lds
Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o)
Enclave_Name := enclave.so
Signed_Enclave_Name := enclave.signed.so
Enclave_Config_File := Enclave/Enclave.config.xml
ifeq ($(SGX_MODE), HW)
ifneq ($(SGX_DEBUG), 1)
ifneq ($(SGX_PRERELEASE), 1)
Build_Mode = HW_RELEASE
endif
endif
endif
.PHONY: all run
ifeq ($(Build_Mode), HW_RELEASE)
all: $(App_Name) $(Enclave_Name)
@echo "The project has been built in release hardware mode."
@echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave."
@echo "To sign the enclave use the command:"
@echo " $(SGX_ENCLAVE_SIGNER) sign -key <your key> -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)"
@echo "You can also sign the enclave using an external signing tool. See User's Guide for more details."
@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
else
all: $(App_Name) $(Signed_Enclave_Name)
endif
run: all
ifneq ($(Build_Mode), HW_RELEASE)
@$(CURDIR)/$(App_Name)
@echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]"
endif
######## App Objects ########
App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl
@cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
App/Enclave_u.o: App/Enclave_u.c
@$(CC) $(App_C_Flags) -c $< -o $@
@echo "CC <= $<"
App/%.o: App/%.cpp
@$(CXX) $(App_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(App_Name): App/Enclave_u.o $(App_Cpp_Objects)
@$(CXX) $^ -o $@ $(App_Link_Flags)
@echo "LINK => $@"
######## Enclave Objects ########
Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl
@cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include
@echo "GEN => $@"
Enclave/Enclave_t.o: Enclave/Enclave_t.c
@$(CC) $(Enclave_C_Flags) -c $< -o $@
@echo "CC <= $<"
Enclave/%.o: Enclave/%.cpp
@$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@
@echo "CXX <= $<"
$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects)
@$(CXX) $^ -o $@ $(Enclave_Link_Flags)
@echo "LINK => $@"
$(Signed_Enclave_Name): $(Enclave_Name)
@$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File)
@echo "SIGN => $@"
.PHONY: clean
clean:
@rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.*

29
SampleCode/SampleEnclave/README.txt Normal file
View File

@ -0,0 +1,29 @@
------------------------
Purpose of SampleEnclave
------------------------
The project demonstrates several fundamental usages of Intel(R) Software Guard
Extensions (SGX) SDK:
- Initializing and destroying an enclave
- Creating ECALLs or OCALLs
- Calling trusted libraries inside the enclave
------------------------------------
How to Build/Execute the Sample Code
------------------------------------
1. Install Intel(R) SGX SDK for Linux* OS
2. Build the project with the prepared Makefile:
a. Hardware Mode, Debug build:
$ make SGX_MODE=HW SGX_DEBUG=1
b. Hardware Mode, Pre-release build:
$ make SGX_MODE=HW SGX_PRERELEASE=1
c. Hardware Mode, Release build:
$ make SGX_MODE=HW
d. Simulation Mode, Debug build:
$ make SGX_DEBUG=1
e. Simulation Mode, Pre-release build:
$ make SGX_PRERELEASE=1
f. Simulation Mode, Release build:
$ make
3. Execute the binary directly:
$ ./app