diff --git a/wallfacer2.0/secgear_da/CMakeLists.txt b/wallfacer2.0/secgear_da/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..c731a8c9f7fe7926ac9351995a540dc221fe929b
--- /dev/null
+++ b/wallfacer2.0/secgear_da/CMakeLists.txt
@@ -0,0 +1,44 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(HelloWorld CXX)
+
+# set(CMAKE_C_STANDARD 99)
+set(CMAKE_CXX_STANDARD 17)
+
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE da.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if (NOT DEFINED SSL_PATH)
+ set(SSL_PATH /opt/intel/sgxssl)
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+if(CC_PL)
+ set(CODETYPE penglai)
+ add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer2.0/secgear_da/da.edl b/wallfacer2.0/secgear_da/da.edl
new file mode 100644
index 0000000000000000000000000000000000000000..5d5470ec8df94416fbb2207cc35da14779dd272a
--- /dev/null
+++ b/wallfacer2.0/secgear_da/da.edl
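Review bot: `project(HelloWorld CXX)` enables only C++ for this tree, yet the edge files the subdirectories generate (`da_t.c`, `da_u.c`) are C sources; unless a parent project has already enabled C, CMake will not compile them and the enclave and host targets fail to link against the missing ecall/ocall stubs — `project(secgear_da C CXX)` (the name `HelloWorld` is left over from the sample this was copied from) fixes it. The three `add_definitions(-DPATH=...)` calls are directory-scoped and leak the host's enclave path into the enclave build as well, although only `host/main.cpp` reads `PATH`; `target_compile_definitions` on the host executable in `host/CMakeLists.txt` is the right scope. `CMAKE_CXX_STANDARD 17` is set here, but the subdirectories put all their flags into `CMAKE_C_FLAGS`, so the C++ sources are otherwise built with toolchain defaults (raised separately on the enclave hunk).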
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ from "secgear_tssl.edl" import *;
+ from "secgear_pthread.edl" import*;
+ trusted {
+ public int get_string([out, size=32]char *buf);
+
+ // 初始化数据表
+ public int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size);
+
+ // 查询数据
+ public int GetData([in, size=32]int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr,[out,size=16]size_t* res_len);
+
+ };
+ untrusted {
+ void print(uint64_t c);
+ };
+};
diff --git a/wallfacer2.0/secgear_da/enclave/CMakeLists.txt b/wallfacer2.0/secgear_da/enclave/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..d5749bd67dc35567db0febf6d74a7bee42e837a9
--- /dev/null
+++ b/wallfacer2.0/secgear_da/enclave/CMakeLists.txt
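Review bot: `InitCustomerItem` and `GetData` hand host buffers to the enclave as bare `uint64_t` addresses (`customer_items_addr`, `item_addr`, `res_item_addr`), so the generated edge routines do no copy-in/copy-out, no size bounding and no check that the memory lies outside the enclave; the enclave code has to do all of that itself, and nothing in this interface tells it the capacity of the result buffer behind `res_item_addr`, so its writes cannot be bounded at all. `FieldIndex` is marshalled as a fixed 32 bytes (eight `int32_t`) while `field_len` is an independent argument, so a `field_len` above eight reads past the copied buffer; `[in, count=field_len] int32_t* FieldIndex` ties the two together. `[out, size=16] size_t* res_len` is in practice one in/out counter (the enclave tests `res_len[0] == 0` before searching and relies on the out-buffer being zero on entry), so `[in, out, count=1] size_t* res_len` documents the real contract. If raw addresses must stay, add a `size_t res_item_cap` parameter and document in a comment above `GetData` that the enclave must validate both address ranges before touching them.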
@@ -0,0 +1,234 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX da) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/da.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) 
+ set(OUTPUT penglai-ELF) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + 
foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库 + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories( + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + 
${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${SSL_PATH}/include #openssl静态库 + ${CURRENT_ROOT_PATH}/include + ) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ${CURRENT_ROOT_PATH}/include + ) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive + -Wl,--start-group + -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl + -lsgx_tcrypto -lsgx_pthread + -l${Crypto_Library_Name} -l${Service_Library_Name} + -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + 
list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.config.xml b/wallfacer2.0/secgear_da/enclave/Enclave.config.xml new file mode 100644 index 0000000000000000000000000000000000000000..eec0841060fc8d52aac92f94f28f3065ea3ee002 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x400000 + 0x1000000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.lds b/wallfacer2.0/secgear_da/enclave/Enclave.lds new file mode 100644 index 0000000000000000000000000000000000000000..ab77e6478ef3c3448356e80b9884a8a533dd32c6 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + 
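Review bot: The enclave's only source is `da.cpp`, but every hardening and isolation flag in `COMMON_C_FLAGS` and the backend blocks (`-fstack-protector`, `-nostdinc -nodefaultlibs`, `-fvisibility=hidden`, `-Werror`) is set through `CMAKE_C_FLAGS`, which C++ compilation never sees; only the generated `da_t.c` gets them, so the enclave's C++ code is built with toolchain defaults and default symbol visibility — mirror the flags into `CMAKE_CXX_FLAGS`, or better `target_compile_options(${PREFIX} PRIVATE ...)` after `add_library`, so both languages are covered. In the CC_SGX post-build step `COMMAND umask 0177` is a separate command; with the Makefile generator each `COMMAND` runs in its own shell, so the umask is not in effect when `openssl genrsa` writes `Enclave_private.pem` (only Ninja chains them) — combine them, e.g. `COMMAND sh -c "umask 0177 && openssl genrsa -3 -out ${PEM} 3072"`, and add `VERBATIM`. A fresh signing key on every build also changes the enclave's signer identity each time, which deserves a comment next to the `genrsa` line. In the CC_PL branch the linked ELF is produced at `${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}`, i.e. written into the source tree; it belongs in `${CMAKE_CURRENT_BINARY_DIR}` (the top-level `-DPATH=` for penglai would then need the same change), and the keyword-less `target_link_libraries(${PREFIX} -lsecgear_tee)` and `-l${Crypto_Library_Name}` duplicating `-lsgx_tcrypto` should be tidied while here.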
diff --git a/wallfacer2.0/secgear_da/enclave/config_cloud.ini b/wallfacer2.0/secgear_da/enclave/config_cloud.ini
new file mode 100644
index 0000000000000000000000000000000000000000..8c70225ecd3f2e7de449e89cbe338b81e1f06db9
--- /dev/null
+++ b/wallfacer2.0/secgear_da/enclave/config_cloud.ini
@@ -0,0 +1,60 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA:
+;[fixed value]
+;256 ECDSA Alg
+;2048/4096 RSA Alg
+secSignKeyLen = 4096
+;;;
+;[fixed value]
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; [fixed value]
+;0 means padding type is pkcs1v15
+;1 means padding type is PSS
+;[fixed value]
+secPaddingType = 1
+;;;
+;[fixed value]
+;RSA alg
+;ECDSA alg
+;SM2 alg
+secSignAlg = RSA
+;;;
+;public key for encrypt TA
+secEncryptKey = rsa_public_key_cloud.pem
+;;;
+;public key length
+secEncryptKeyLen = 3072
+
+[signSecPublicCfg]
+;;;
+;[fixed value]
+; sec sign key type
+;0 means debug
+;1 means release
+secReleaseType = 1
+;;;
+;0 means TA not installed by OTRP
+;1 means TA installed by OTRP
+secOtrpFlag = 0
+;;;
+;0 means not sign
+;1 means signed by local private
+;2 means signed using native sign tool;
+;3 means signed by CI
+;[fixed value]
+secSignType = 1
+;;;
+;server address for signing TA
+secSignServerIp =
+;;;
+;private key for signing TA
+;[private key owned by yourself]
+secSignKey = /home/TA_cert/private_key.pem
+;;;
+;config file
+;[signed config file by Huawei]
+configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer2.0/secgear_da/enclave/da.cpp b/wallfacer2.0/secgear_da/enclave/da.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..13cdbf85e69daddbc31a1b83e4dea4ae93e1c923
--- /dev/null
+++ b/wallfacer2.0/secgear_da/enclave/da.cpp
@@ -0,0 +1,261 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "tpch.h" + +#include "da_t.h" +using namespace std; + +#define TA_HELLO_WORLD "secgear hello world!" +#define BUF_MAX 32 + +const uint8_t userkey[16] = { // AES密钥生成参数 + '1', '2', '3', '4', + '5', '6', '7', '8', + '9', '0', '1', '2', + '3', '4', '5', '6' +}; +// 分组加密 +uint8_t aes_in[16] = {0}, aes_out[16] = {0}; + +// 加解密秘钥 +AES_KEY encrypt_key, decrypt_key; + +// 相关数据结构定义 +CustomerItem* customer_items; // 数据指针 +size_t customer_items_size = 0; +CustomerBucket customer_bucket; // 缓存桶 +AccessCounter ac_counter; // 访问频次计数器 + + +int get_string(char *buf) +{ + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; +} + + +// 加密 +void AES_Encrypt(KEY &Key) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值 + AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + memcpy(aes_in, value+i, 16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密 + memcpy(value+i, aes_out, 16); // 拷贝回去 + } +} +// 解密 +void AES_Decrypt(KEY Key, uint8_t *buf) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; + AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + 
memcpy(aes_in, value+i,16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密 + memcpy(buf+i, aes_out, 16); // 拷贝到buf + } +} +// char* 转string +string toString(char* arr) +{ + string str = string(arr); + return str; +} + +/** +* 初始化函数 +* @param customer_items_addr customer表在不可信内存中的地址 +* @param item_num customer表的大小 +*/ +int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size) +{ + + customer_items = (CustomerItem*)customer_items_addr; + customer_items_size = cust_size; + return 0; +} + +/** +* 从表中搜索数据 +* @param FieldIndex 查找字段 +* @param item 查找条件 +* @param res_item 结果集合 +* @param res_len 返回结果长度 +*/ +int SearchFromTable(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + Variant var_tar, var_src; + int type_id; + switch(FieldIndex) { + case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; + case C_NAME_COUNTER: var_tar = toString(item->Name); break; + case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; + case C_NATION_COUNTER: var_tar = item->Nation; break; + case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; + case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; + case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; + default: break; + + } + type_id = var_tar.index(); + // 查找 + for (size_t i = 0;i < customer_items_size;i++) { + switch (FieldIndex) { + case C_CUSTKEY_COUNTER: var_src = customer_items[i].CustomerKey; break; + case C_NAME_COUNTER: var_src = customer_items[i].Name; break; + case C_ADDRESS_COUNTER: var_src = customer_items[i].Address; break; + case C_NATION_COUNTER: var_src = customer_items[i].Nation; break; + case C_PHONE_COUNTER: var_src = customer_items[i].Phone; break; + case C_ACCTBAL_COUNTER: var_src = customer_items[i].Acctbal; break; + case C_COMMENT_COUNTER: var_src = customer_items[i].Comment; break; + default: break; + } + if (var_src == var_tar) { + print(1); + memcpy(&res_item[res_len[0]++], &customer_items[i], 
sizeof(CustomerItem)); + } + } + return 0; +} + + +/** +* 从桶中搜索数据 +* @param FieldIndex 查找字段 +* @param item 查找条件 +* @param res_item 结果集合 +* @param res_len 返回结果长度 +*/ +int SearchFromBucket(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + Variant var_tar, var_src; // 比较变量 + int type_id; // 数据类型 + + switch(FieldIndex) { + case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; + case C_NAME_COUNTER: var_tar = toString(item->Name); break; + case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; + case C_NATION_COUNTER: var_tar = item->Nation; break; + case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; + case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; + case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; + default: break; + } + type_id = var_tar.index(); + + // 先在桶里找 + for (BucketItem::iterator it = customer_bucket[FieldIndex].begin();it != customer_bucket[FieldIndex].end(); it++) { + var_src = it->first; + // 如果相等 + if (var_tar == var_src) { + print(12580); + res_len[0] = it->second.size(); + for (int i = 0;i < it->second.size();i++) { + memcpy(&res_item[it->second[i]], &customer_items[it->second[i]], sizeof(CustomerItem)); + } + + } + } + // 找不到再去表里搜 + if (res_len[0] == 0) { + SearchFromTable(FieldIndex, item, res_item, res_len); + } + + return 0; +} + + +/** +* 根据计数器调整桶 +* +*/ +void AdjustBucket() +{ + string str; + // 开始往桶里面丢,桶的个数与字段个数相同,桶里面应该记录<字段值,[主码索引]> + for (size_t i = 0;i <= C_COMMENT_COUNTER;i++) { + // 如果该字段计数器中有内容,就开始构建桶 + if (ac_counter[i].size() != 0) { + for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + if (it->second > 0) { + int index = it->first; + switch (i) { + case C_CUSTKEY_COUNTER: customer_bucket[i][customer_items[index].CustomerKey].push_back(it->first); break; // bucketitem + case C_NAME_COUNTER: customer_bucket[i][customer_items[index].Name].push_back(it->first); break; // bucketitem + case C_ADDRESS_COUNTER: 
customer_bucket[i][customer_items[index].Address].push_back(it->first); break; // bucketitem + case C_NATION_COUNTER: customer_bucket[i][customer_items[index].Nation].push_back(it->first); break; // bucketitem + case C_PHONE_COUNTER: customer_bucket[i][customer_items[index].Phone].push_back(it->first); break; // bucketitem + case C_ACCTBAL_COUNTER: customer_bucket[i][customer_items[index].Acctbal].push_back(it->first); break; // bucketitem + case C_MKTSEGMENT_COUNTER: customer_bucket[i][customer_items[index].Mktsegment].push_back(it->first); break; // bucketitem + case C_COMMENT_COUNTER: customer_bucket[i][customer_items[index].Comment].push_back(it->first); break; // bucketitem + default: break; + } + } + } + } + } +} + +/** +* 查询函数 +* @param FieldList 要查询的字段名称(字段编号) +* @param field_len 要查询的字段个数 +* @param item_addr 查询关键字的地址 +* @param res_item_addr 返回结果集的地址 +* @param res_len 返回结果集合的大小 +*/ +int GetData(int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr, size_t* res_len) +{ + // 获取查询条件指针 + CustomerItem* item = (CustomerItem*)item_addr; + + // 获取返回结果指针 + CustomerItem* res_item = (CustomerItem*)res_item_addr; + + // 开始查询 + SearchFromBucket(FieldIndex[0], item, res_item, res_len); + + // 根据查找结果更新计数器的值 + for (size_t counter_i = 0;counter_i < field_len;counter_i++) { + for (size_t i = 0;i < res_len[0];i++) { + ac_counter[FieldIndex[counter_i]][res_item->CustomerKey]++; + } + } + + // 根据计数器内容调整桶 + AdjustBucket(); + + return 0; +} + diff --git a/wallfacer2.0/secgear_da/enclave/manifest.txt b/wallfacer2.0/secgear_da/enclave/manifest.txt new file mode 100644 index 0000000000000000000000000000000000000000..d78354e6c0e101a126d65a116c4e98765f852db7 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 +gpd.ta.service_name: rsa-demo +gpd.ta.singleInstance: true +gpd.ta.multiSession: false +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 819200 +gpd.ta.stackSize: 40960 
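Review bot: `SearchFromTable` and `SearchFromBucket` write matches through `res_item`, a pointer that reaches `GetData` from the host as a bare `uint64_t`, with no upper bound on `res_len[0]` and no check that `[res_item, res_item + n)` and `customer_items[0..customer_items_size)` lie entirely outside enclave memory; a caller that supplies an in-enclave address or an undersized buffer turns these `memcpy` calls into corruption of enclave memory (on SGX `sgx_is_outside_enclave()` is the check, the GP and penglai backends need their equivalent), and the bucket path additionally indexes `res_item[it->second[i]]` by primary-key index rather than by result position, so a large key writes far past any result buffer while `res_len[0]` no longer describes what was written. `GetData` indexes `ac_counter[FieldIndex[counter_i]]` without validating `FieldIndex[i] <= C_COMMENT_COUNTER` or `field_len <= 8` (the EDL marshals 32 bytes), and the counter update uses `res_item->CustomerKey` where `res_item[i].CustomerKey` was clearly intended — a value that is itself read back from untrusted memory after the search. `AES_Encrypt`/`AES_Decrypt` step 16 bytes at a time up to `Key.val_size`, so a size that is not a multiple of 16 reads and writes past the end of `value` and `buf`, and the constant `userkey` baked into the enclave image, used in ECB mode, gives no confidentiality against anyone holding the binary; derive the key from the platform sealing key and use an authenticated mode. The `C_ACCTBAL_COUNTER` case of both search functions loads `item->Mktsegment` into `var_tar` while the table side compares `Acctbal`, so account-balance lookups can never match, and `print(1)`/`print(12580)` are debug ocalls that reveal to the host which path matched and how many rows did.
```cpp
int GetData(int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr, size_t* res_len)
{
    // The EDL copies 32 bytes of FieldIndex (eight int32_t); field_len must not exceed that,
    // and every entry must be a valid counter index before it is used to index ac_counter.
    const size_t kMaxFields = 32 / sizeof(int32_t);
    if (FieldIndex == nullptr || res_len == nullptr || field_len == 0 || field_len > kMaxFields) {
        return -1;
    }
    for (size_t i = 0; i < field_len; i++) {
        if (FieldIndex[i] < 0 || FieldIndex[i] > C_COMMENT_COUNTER) {
            return -1;
        }
    }
    // TODO(review): item_addr and res_item_addr must also be checked to lie outside the enclave,
    // and the result capacity has to be passed in, before anything is written through res_item.
    // … unchanged: pointer setup, SearchFromBucket call …
    for (size_t counter_i = 0; counter_i < field_len; counter_i++) {
        for (size_t i = 0; i < res_len[0]; i++) {
            ac_counter[FieldIndex[counter_i]][res_item[i].CustomerKey]++;
        }
    }
    // … unchanged: AdjustBucket(), return …
```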
diff --git a/wallfacer2.0/secgear_da/host/CMakeLists.txt b/wallfacer2.0/secgear_da/host/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..299a1df70accf47dbaa7a2b64f4125798cf3039f
--- /dev/null
+++ b/wallfacer2.0/secgear_da/host/CMakeLists.txt
@@ -0,0 +1,130 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX da) +#set host exec name +set(OUTPUT secgear_da) +#set host src code +set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) + +#set auto code +if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} + --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + --search-path ${SDK_PATH}/include + --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") +set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + +if(CC_GP) + 
if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR} + ${CURRENT_ROOT_PATH}/include/) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE + ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ${CURRENT_ROOT_PATH}/include/ + ) + endif() +endif() + +if(CC_PL) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/penglai + ${CMAKE_CURRENT_BINARY_DIR} + ) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库 +else() + target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl) +endif() +set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + +if(CC_GP) + #itrustee install whitelist /vender/bin/teec_hello + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + 
GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_PL) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() diff --git a/wallfacer2.0/secgear_da/host/main.cpp b/wallfacer2.0/secgear_da/host/main.cpp new file mode 100644 index 0000000000000000000000000000000000000000..08f512e575232af48932782c59d933d3474930ae --- /dev/null +++ b/wallfacer2.0/secgear_da/host/main.cpp 
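Review bot: `target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl)` and its `secgearsim` twin run for every backend, but `sgx_usgxssl` is the Intel SGX SSL untrusted library and only exists for CC_SGX, so the CC_GP and CC_PL host builds fail at link time; move that library under `if(CC_SGX)`, replace `pthread` with `Threads::Threads` after `find_package(Threads REQUIRED)`, and add the `PRIVATE` keyword to both calls. `-fPIE` is appended to `CMAKE_C_FLAGS` while the only source is `main.cpp`, so the C++ object is not built position-independent and there is no matching `-pie` link flag either; `target_compile_options(${OUTPUT} PRIVATE -fPIE)` plus `target_link_options(${OUTPUT} PRIVATE -pie)` (3.13+, which this file already tests for) covers both. The `#itrustee install whitelist /vender/bin/teec_hello` comment above the CC_GP `install()` no longer matches the installed executable `secgear_da`, and `/vendor/bin/helloworld` / `/vendor/bin/secgear_helloworld` in the enclave whitelist do not match it either, so the TA would refuse this host binary on that backend.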
@@ -0,0 +1,205 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include +#include + +#include "enclave.h" +#include "da_u.h" +#include "common.h" +#include "tpch.h" + +#include +using namespace std; + +// #define RSA_PUBLIC_KEY_FILE "pubkey.pem" +clock_t start, stop; // 时间参数 +unsigned long long begin2, end2, total = 0; // CPU时钟周期数 +unsigned long long begin1, end1, total1 = 0; // CPU时钟周期数 +cc_enclave_t global_eid = {}; // 全局enclave_id +cc_enclave_result_t res = CC_FAIL; // enclave状态结果 +uint8_t buf[VALUE_SIZE] = {0}; // 无符号缓冲区 +char temp[VALUE_SIZE + 1]; // 字符串缓冲区 +int retval = 0; // ecall函数返回值 + +// 数据加密后存储在非安全区中,首地址传入TEE中,无需ocall直接访问 +CustomerItem *customer_items = new CustomerItem[MAX_ITEM_NUM + 1]; + +// 测量CPU时钟周期数 +static __inline__ unsigned long long rdtsc(void) +{ + unsigned hi, lo; + __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); + return ( (unsigned long long)lo)|( ((unsigned long long)hi)<<32 ); +} + +// 创建enclave +int CreateEnclave() +{ + int retval = 0; + const char *path = PATH; + + + char real_p[PATH_MAX]; + /* check file exists, if not exist then use absolute path */ + if (realpath(path, real_p) == NULL) { + if (getcwd(real_p, sizeof(real_p)) == NULL) { + printf("Cannot find enclave.sign.so"); + return res; + } + if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { + printf("Failed to strcat enclave.sign.so path"); + return res; + } + (void)strcat(real_p, "/enclave.signed.so"); + } + // 创建飞地 
+ res = cc_enclave_create( + real_p, + AUTO_ENCLAVE_TYPE, + 0, + SECGEAR_DEBUG_FLAG, + NULL, + 0, + &global_eid); + return res; +} +// 销毁enclave +void DestoryEnclave() +{ + int retval = 0; + res = cc_enclave_destroy(&global_eid); + if(res != CC_SUCCESS) { + printf("host destroy enclave error\n"); + } else { + printf("host destroy enclave success\n"); + } +} + +// 打印查询结果 +void print_res(CustomerItem *res_item, size_t res_len) +{ + for (size_t i = 0;i < res_len;i++) { + cout << "=========================================\n"; + cout << i + 1 << ":" << endl; + cout << "Key: " << res_item[i].CustomerKey << endl; + cout << "Name: "<< res_item[i].Name << endl; + cout << "Address: " << res_item[i].Address << endl; + cout << "Nation: " << res_item[i].Nation << endl; + cout << "Phone: " << res_item[i].Phone << endl; + cout << "MktSegment: " << res_item[i].Mktsegment << endl; + cout << "Comment: " << res_item[i].Comment << endl; + } +} + +// 生成数据 +void generate_data() +{ + // 生成测试数据 + for (int i = 0;i <= MAX_ITEM_NUM;i++) { + string temp = "hello"; + temp += to_string(rand()%10); + customer_items[i].CustomerKey = i; + customer_items[i].Nation = rand()%10 + 1; + memcpy(customer_items[i].Comment, temp.c_str(), temp.length()); + memcpy(customer_items[i].Name, temp.c_str(), temp.length()); + memcpy(customer_items[i].Address, temp.c_str(), temp.length()); + memcpy(customer_items[i].Phone, temp.c_str(), temp.length()); + memcpy(customer_items[i].Acctbal, temp.c_str(), temp.length()); + memcpy(customer_items[i].Mktsegment, temp.c_str(), temp.length()); + } +} + +// 查询数据 +void get_data(int32_t* FieldList, size_t field_len, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + res = GetData(&global_eid, + &retval, + FieldList, // 字段 + field_len, // 查询条件字段个数 + (uint64_t)item, // 查询条件 + (uint64_t)res_item, // 查询结果返回 + res_len // 查询结果个数 + ); + + if (res != CC_SUCCESS || retval != 0) { + cout << "Search failed\n"; + } else { + cout << "Search success\n"; + print_res(res_item, 
res_len[0]); + } + memset(res_len, 0, sizeof(size_t)); + +} + +// 打印测试函数(ocall-function) +void print(uint64_t c) { + std::cout << c << std::endl; +} + + +int main() +{ + // 生成数据 + generate_data(); + // 创建飞地 + if (CreateEnclave() != 0) { + std::cout << "Create enclave failed\n"; + return -1; + } + // 初始化数据 + res = InitCustomerItem(&global_eid, + &retval, + (uint64_t)customer_items, + MAX_ITEM_NUM); + if (res != CC_SUCCESS || retval != 0) { + cout << "Initiation failed\n"; + return res; + } else { + cout << "Init success\n"; + } + // 设置查询条件(测试用例) + CustomerItem* item = new CustomerItem(); // 暂存查询条件 + int32_t FieldList[32] = {0}; // 查询字段列表 + FieldList[0] = 3; // 查询字段名称 + size_t res_len[2] = {0}; // 返回结果长度 + size_t field_len = 1; // 查询字段个数 + + item->CustomerKey = 101; + memcpy(item->Name, "C_NAME", 6); + memcpy(item->Address, "hello3", 6); + item->Nation = 4; + + // 返回结果集合 + CustomerItem* res_item = new CustomerItem[MAX_BUF_SIZE]; + // 查询数据 + begin1 = rdtsc(); + get_data(FieldList, field_len, item, res_item, res_len); + end1 = rdtsc(); + + // 再次执行查询任务 + begin2 = rdtsc(); + get_data(FieldList, field_len, item, res_item, res_len); + end2 = rdtsc(); + + + cout << "第一次查询CPU cycles (get data from table): " << end1 - begin1 << endl; + cout << "第二次查询CPU cycles (get data from bucket): " << end2 - begin2 << endl; + // 销毁飞地 + DestoryEnclave(); + + + return res; +} diff --git a/wallfacer2.0/secgear_da/host/test.cpp b/wallfacer2.0/secgear_da/host/test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..3c013033674a53a8b5afc28006c72a1185442be8 --- /dev/null +++ b/wallfacer2.0/secgear_da/host/test.cpp 
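Review bot: `CreateEnclave` passes `SECGEAR_DEBUG_FLAG` unconditionally, so the enclave is always created as a debug enclave; on SGX a debug enclave's memory is readable by a debugger, so the data this sample encrypts inside it gains no protection from the host — gate the flag behind a build option, or at least comment next to the `cc_enclave_create` call that it is intentional for the demo. `generate_data` and `main` fill `Name`/`Address`/`Comment`/... with `memcpy` of `temp.length()` or 6 bytes and never write a terminator; if those fields are plain `char` arrays (tpch.h is not in this diff, and `test.cpp` assigns `std::string`s to the same fields, so the two disagree), `customer_items` from `new CustomerItem[...]` is not zeroed and `print_res` streaming them with `<<` reads past the field, so use `strncpy` bounded by the field size or `snprintf`. `res_item` has `MAX_BUF_SIZE` entries but the ecall receives only its address, never its capacity, so nothing on either side prevents the enclave from writing past it, and `get_data` resets only `res_len[0]` through `memset(res_len, 0, sizeof(size_t))` while the EDL marshals both elements of `res_len[2]`. When `InitCustomerItem` fails `main` returns without `DestoryEnclave()`, and the `int retval = 0;` locals in `CreateEnclave`/`DestoryEnclave` shadow the global and are never used.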
@@ -0,0 +1,133 @@ +#include "tpch.h" +#include +#include +#define MAX_ITEM_NUM 1000000 +using namespace std; + +static __inline__ unsigned long long rdtsc(void) +{ + unsigned hi, lo; + __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); + return ( (unsigned long long)lo)|( ((unsigned long long)hi)<< 32 ); +} + +int main() +{ + unsigned long long int begin, stop,total=0; + CustomerItem *items = new CustomerItem[MAX_ITEM_NUM + 1]; // ???????????????????????TEE????TEE????ocall?????? + CustomerBucket cust_bucket; // ????? + clock_t start, end; + double during = 0; + Variant var; + for (int i = 1;i <= MAX_ITEM_NUM;i++) { + items[i].CustomerKey = i; + items[i].Comment = "hello" + to_string(i); + items[i].Name = "hello" + to_string(i); + items[i].Address = "hello" + to_string(i); + items[i].Phone = "hello" + to_string(i); + items[i].Acctbal = "hello" + to_string(i); + items[i].Mktsegment = "hello" + to_string(i); + + } + // ????????? + items[1].Comment = "hello"; + items[10].Comment = "hello"; + for (int i = 500000;i <= 600000;i++) { + items[i].Comment == "hello"; + } + + Variant var1 = "hello"; + CustomerItem item = items[10]; + + // ???????????????? ?????????????????? + AccessCounter ac_counter; + // ??????????? + ac_counter[C_COMMENT_COUNTER][item.CustomerKey]++; // ?????????? + ac_counter[C_CUSTKEY_COUNTER][item.CustomerKey]++; + ac_counter[C_COMMENT_COUNTER][1] = 10; + // ??????????????????????? + + for (size_t i = 0;i < ac_counter.size(); i++) { + cout << "Field: " << FieldNameList[i] << endl; + if (ac_counter.size() != 0) { + for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + cout << "primary key = " << it->first << " " << "counter = " << it->second << "; "; + } + cout << "\n==============\n"; + } + } + + // ????????????????????????????????????????? + for (size_t i = 0; i <= C_COMMENT_COUNTER; i++) { + if (ac_counter[i].size()) { // ???????????????????? 
+ for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + if (it->second != 0) { // ??????????????1 + int index = it->first; + switch (i) + { + case C_CUSTKEY_COUNTER: cust_bucket[i][items[index].CustomerKey].push_back(it->first); break; // bucketitem + case C_NAME_COUNTER: cust_bucket[i][items[index].Name].push_back(it->first); break; // bucketitem + case C_ADDRESS_COUNTER: cust_bucket[i][items[index].Address].push_back(it->first); break; // bucketitem + case C_NATION_COUNTER: cust_bucket[i][items[index].Nation].push_back(it->first); break; // bucketitem + case C_PHONE_COUNTER: cust_bucket[i][items[index].Phone].push_back(it->first); break; // bucketitem + case C_ACCTBAL_COUNTER: cust_bucket[i][items[index].Acctbal].push_back(it->first); break; // bucketitem + case C_MKTSEGMENT_COUNTER: cust_bucket[i][items[index].Mktsegment].push_back(it->first); break; // bucketitem + case C_COMMENT_COUNTER: cust_bucket[i][items[index].Comment].push_back(it->first); break; // bucketitem + default: break; + } + + } + } + } + } + start = clock(); + // ??bucket???? 
+ begin = rdtsc(); + for (BucketItem::iterator it = cust_bucket[C_COMMENT_COUNTER].begin();it != cust_bucket[C_COMMENT_COUNTER].end(); it++) { + var = it->first; + int type_id = var.index(); + /* + switch (type_id) + { + case 0: int32_t va = std::get<0>(var); + case 1: string va = std::get<1>(var); + case 2: double va = std::get<2>(var) + default: break; + } + */ + // string str = std::get<1>(var); + if (var == var1) { + // cout << it->second.size() << endl; + cout << it->second.size() << " "; + for (auto ii: it->second) { + // cout << ii << " "; + } + } + } + stop = rdtsc(); + end = clock(); + during = (double)(end - start) / CLOCKS_PER_SEC; + cout << "???: " << during << endl; + cout << "CPU?????????: "<< stop - begin << endl; + + + start = clock(); + begin = rdtsc(); + vector res; + for (int i = 1;i <= MAX_ITEM_NUM;i++) { + var = items[i].Comment; + if (var == var1) { + // cout << items[i].CustomerKey << " "; + res.push_back(items[i].CustomerKey); + } + + } + cout << res.size() << " "; + stop = rdtsc(); + end = clock(); + during = (double)(end - start) / CLOCKS_PER_SEC; + cout << "???: " << during << endl; + cout << "CPU?????????" << stop - begin << endl; + + return 0; +} \ No newline at end of file diff --git a/wallfacer2.0/secgear_da/include/common.h b/wallfacer2.0/secgear_da/include/common.h new file mode 100644 index 0000000000000000000000000000000000000000..ea54200f8cb85b41942b1e17283ac31fca3ad79e --- /dev/null +++ b/wallfacer2.0/secgear_da/include/common.h 
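Review bot: `items[i].Comment == "hello";` inside the `for (int i = 500000;i <= 600000;i++)` loop compares and discards the result, so the block of matching rows that the two timed scans below are meant to find is never created; it should read `items[i].Comment = "hello";` (or the loop should go if the two single assignments above it are the intended fixture). The file also `#define`s `MAX_ITEM_NUM 1000000` after including `tpch.h`, which already defines it as 10000, and assigns `std::string` values to fields that `tpch.h` declares as `char[]` arrays on `CustomerItem`, so this test looks out of sync with the header and may not compile against it as shown. `items` is allocated with `new[]` and never released; a `std::vector<CustomerItem>` would also remove the `MAX_ITEM_NUM + 1` index bookkeeping. The template arguments of `vector res` are stripped in this rendering, so I am reading its element type from the `push_back(items[i].CustomerKey)` call.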
@@ -0,0 +1,31 @@
+#ifndef COMMON_H
+#define COMMON_H
+
+#define VALUE_SIZE 128
+#define TEST_ITEM_SIZE 100
+using namespace std;
+
+// 键(存储在TEE中)
+typedef struct KEY {
+ int key_val; // 键
+ uint8_t *val_ptr; // 指针
+ size_t val_size; // value长度
+ size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC)
+} KEY;
+
+// 值(加密存储在REE中)
+typedef struct VALUE {
+ uint8_t *value;
+ size_t val_len;
+} VALUE;
+
+// 键值对数据
+typedef struct KV {
+ int32_t key_val;
+ uint8_t value[VALUE_SIZE];
+ size_t value_len;
+} KV;
+
+
+
+#endif
\ No newline at end of file
diff --git a/wallfacer2.0/secgear_da/include/tpch.h b/wallfacer2.0/secgear_da/include/tpch.h
new file mode 100644
index 0000000000000000000000000000000000000000..efa59800eede5f95784e7e5be7a5fca2176b9ac5
--- /dev/null
+++ b/wallfacer2.0/secgear_da/include/tpch.h
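Review bot: `common.h` uses `uint8_t`, `int32_t` and `size_t` without including `<cstdint>`/`<cstddef>`, so it only compiles when every includer happens to pull those in first; add the two includes at the top of the header. `using namespace std;` at file scope in a header leaks into every translation unit that includes it and should be dropped. The comment on `hash_value` already says the hash could be swapped for an HMAC; I would make the current limitation explicit so nobody reads the field as a guarantee, e.g. `// integrity check for the REE-side value; std::hash is unkeyed and not collision-resistant, so this catches corruption, not deliberate tampering`.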
@@ -0,0 +1,105 @@ +#ifndef TPCH_H +#define TPCH_H + +#include +#include +#include +#include +#include + +/* +定义长度 +*/ +#define MAX_ITEM_NUM 10000 +#define BUF_SIZE_16 16 +#define BUF_SIZE_32 32 +#define BUF_SIZE_64 64 +#define BUF_SIZE_128 128 +#define MAX_BUF_SIZE 10001 + + +using namespace std; +/* +* Customer表字段名称 +*/ +#define C_CUSTKEY_FIELD "C_CUSTKEY" +#define C_NAME_FIELD "C_NAME" +#define C_ADDRESS_FIELD "C_ADDRESS" +#define C_NATION_FIELD "C_NATION" +#define C_PHONE_FIELD "C_PHONE" +#define C_ACCTBAL_FIELD "C_ACCTBAL" +#define C_MKTSEGMENT_FIELD "C_MKTSEGMENT" +#define C_COMMENT_FIELD "C_COMMENT" + +/* +* 使用列主序存储,在相应的列查到数据之后可以通过下标索引获取其他字段数据 +*/ +enum CustomerDesc { + C_NAME = 0, + C_ADDRESS, + C_PHONE, + C_ACCTBAL, + C_MKTSEGMENT, + C_COMMENT +}; +typedef array String_32; + +/* +* 按照字段名称为计数器构建下标索引 +*/ +enum CustomerCounterIndex { + C_CUSTKEY_COUNTER = 0, + C_NAME_COUNTER, + C_ADDRESS_COUNTER, + C_NATION_COUNTER, + C_PHONE_COUNTER, + C_ACCTBAL_COUNTER, + C_MKTSEGMENT_COUNTER, + C_COMMENT_COUNTER +}; + +// 字段名称集合 +std::array FieldNameList = {"C_CUSTKEY", "C_NAME", "C_ADDRESS", "C_NATION", "C_PHONE", "C_ACCTBAL","C_MKTSEGMENT", "C_COMMENT"}; +/* +* 数据条目 +*/ +typedef struct CustomerItem { + int32_t CustomerKey; + int32_t Nation; + char Name[BUF_SIZE_16 + 1]; + char Address[BUF_SIZE_128 + 1]; + char Phone[BUF_SIZE_16 + 1]; + char Acctbal[BUF_SIZE_128 + 1]; + char Mktsegment[BUF_SIZE_128 + 1]; + char Comment[BUF_SIZE_128 + 1]; +} CustomerItem; + +// 访问频次计数器 +typedef std::map Counter; +typedef std::array AccessCounter; + +// 自定义Variant类型,包括int(0), string(1), double(2)三种变量类型 +typedef std::variant Variant; + +// 缓存桶, 用来存储<字段名称, 主键> +typedef std::map > BucketItem; +typedef std::array CustomerBucket; + +////////////////////////////////////////////////////////////////////// +// 主码属性 +typedef struct Customer { + map > CustomerKey; +} Customer; + +// 非主属性 +typedef struct CustomerField { + map > Name; + map > Address; + map > Nation; + map > Phone; + map > Acctbal; + map 
> Mktsegment; + map > Comment; +} CustomerField; + +#endif \ No newline at end of file diff --git a/wallfacer2.0/secgear_kv/CMakeLists.txt b/wallfacer2.0/secgear_kv/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..d73ecd9e144e9db2335056fcaccd785f5ff204bd --- /dev/null +++ b/wallfacer2.0/secgear_kv/CMakeLists.txt @@ -0,0 +1,44 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +project(HelloWorld CXX) + +# set(CMAKE_C_STANDARD 99) +set(CMAKE_CXX_STANDARD 17) + + +set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + +#set edl name +set(EDL_FILE kv.edl) +set(CODEGEN codegen) + +if(CC_GP) + set(CODETYPE trustzone) + set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0) + add_definitions(-DPATH="/data/${UUID}.sec") +endif() + +if (NOT DEFINED SSL_PATH) + set(SSL_PATH /opt/intel/sgxssl) +endif() + +if(CC_SGX) + set(CODETYPE sgx) + add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") +endif() + +if(CC_PL) + set(CODETYPE penglai) + add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF") +endif() + +add_subdirectory(${CURRENT_ROOT_PATH}/enclave) +add_subdirectory(${CURRENT_ROOT_PATH}/host) diff --git a/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt b/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..cafed093b78398ba4ce8b286ee8fd239228ce48c --- /dev/null +++ b/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt 
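Review bot: `FieldNameList` is defined at namespace scope in a header without `inline` or `static`, so if `tpch.h` is ever included from two translation units of the same binary the link fails with a duplicate symbol; with `CMAKE_CXX_STANDARD 17` already set it can be `inline const std::array<...> FieldNameList = {...};`. `MAX_ITEM_NUM` (10000) and `MAX_BUF_SIZE` (10001) encode the same limit twice; `#define MAX_BUF_SIZE (MAX_ITEM_NUM + 1)` keeps them from drifting. `using namespace std;` in a header should also go. The template arguments of `array`, `map` and `variant` are stripped in this rendering, so I am reading the container types from the comments next to them.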
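Review bot: The TrustZone branch hard-codes `UUID f68fd704-6eb1-4d14-b218-722850eb3ef0`, which also appears as `gpd.ta.appID` in `manifest.txt` further down and looks like the UUID that ships with the secGear hello-world sample; on a device the appID is the TA's identity and the install path is `/data/${UUID}.sec`, so any other TA built from the same template would overwrite or be confused with this one. Generate a fresh UUID for this enclave and keep it in a single place (the manifest) rather than duplicating it in CMake. `project(HelloWorld CXX)` is likewise a leftover name; `project(secgear_kv CXX)` would match the host executable's `OUTPUT`. `set(CMAKE_CXX_STANDARD 17)` without `set(CMAKE_CXX_STANDARD_REQUIRED ON)` silently falls back to an older standard on compilers that lack C++17, which would break the `std::variant` use in the headers.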
@@ -0,0 +1,234 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX kv) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/kv.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) 
+ set(OUTPUT penglai-ELF) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + 
foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库 + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories( + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + 
${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${SSL_PATH}/include #openssl静态库 + ${CURRENT_ROOT_PATH}/include + ) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ${CURRENT_ROOT_PATH}/include + ) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive + -Wl,--start-group + -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl + -lsgx_tcrypto -lsgx_pthread + -l${Crypto_Library_Name} -l${Service_Library_Name} + -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + 
list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml b/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml new file mode 100644 index 0000000000000000000000000000000000000000..bd60be70ea40d3d06384de5ac747909597fef4c4 --- /dev/null +++ b/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x400000 + 0x100000000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.lds b/wallfacer2.0/secgear_kv/enclave/Enclave.lds new file mode 100644 index 0000000000000000000000000000000000000000..ab77e6478ef3c3448356e80b9884a8a533dd32c6 --- /dev/null +++ b/wallfacer2.0/secgear_kv/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + 
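Review bot: The hardening flags collected in `COMMON_C_FLAGS` (`-fstack-protector`, `-Werror`, `-nostdinc`, ...) are only placed in `CMAKE_C_FLAGS`, but the enclave source is `kv.cpp` (`set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/kv.cpp)`), which is compiled as C++ and never sees them — only the generated `kv_t.c` does; either set `CMAKE_CXX_FLAGS` the same way in each branch or, better, attach them with `target_compile_options(${PREFIX} PRIVATE ...)` so both languages get them. In the CC_GP branch the whitelist names `/vendor/bin/helloworld` and `/vendor/bin/secgear_helloworld`, while `host/CMakeLists.txt` installs the host as `/vendor/bin/secgear_kv`, so the TA would reject its own client; the entry should be `set(WHITE_LIST_0 /vendor/bin/secgear_kv)`. In the CC_SGX POST_BUILD step `COMMAND umask 0177` is a separate command and, under the Makefile generators, runs in its own shell, so I believe it does not restrict the permissions of the `Enclave_private.pem` that `openssl genrsa` then writes; generating a new signing key on every build also means MRSIGNER changes per build, so for anything beyond local testing the key should be supplied from outside the build rather than created here. The same link line lists `-lsgx_tsgxssl` twice and includes `-lsgx_usgxssl`, the untrusted-side SGXSSL library, inside the enclave, which looks like a copy error from the host link line. The CC_PL branch writes `penglai-ELF` into `${CMAKE_CURRENT_SOURCE_DIR}`; build outputs belong in `${CMAKE_CURRENT_BINARY_DIR}`.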
diff --git a/wallfacer2.0/secgear_kv/enclave/config_cloud.ini b/wallfacer2.0/secgear_kv/enclave/config_cloud.ini
new file mode 100644
index 0000000000000000000000000000000000000000..8c70225ecd3f2e7de449e89cbe338b81e1f06db9
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/config_cloud.ini
@@ -0,0 +1,60 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA:
+;[fixed value]
+;256 ECDSA Alg
+;2048/4096 RSA Alg
+secSignKeyLen = 4096
+;;;
+;[fixed value]
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; [fixed value]
+;0 means padding type is pkcs1v15
+;1 means padding type is PSS
+;[fixed value]
+secPaddingType = 1
+;;;
+;[fixed value]
+;RSA alg
+;ECDSA alg
+;SM2 alg
+secSignAlg = RSA
+;;;
+;public key for encrypt TA
+secEncryptKey = rsa_public_key_cloud.pem
+;;;
+;public key length
+secEncryptKeyLen = 3072
+
+[signSecPublicCfg]
+;;;
+;[fixed value]
+; sec sign key type
+;0 means debug
+;1 means release
+secReleaseType = 1
+;;;
+;0 means TA not installed by OTRP
+;1 means TA installed by OTRP
+secOtrpFlag = 0
+;;;
+;0 means not sign
+;1 means signed by local private
+;2 means signed using native sign tool;
+;3 means signed by CI
+;[fixed value]
+secSignType = 1
+;;;
+;server address for signing TA
+secSignServerIp = 
+;;;
+;private key for signing TA
+;[private key owned by yourself]
+secSignKey = /home/TA_cert/private_key.pem
+;;;
+;config file
+;[signed config file by Huawei]
+configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer2.0/secgear_kv/enclave/kv.cpp b/wallfacer2.0/secgear_kv/enclave/kv.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..1f61621cbd6ce6f7fb63a97a4bccdcb5bec4704c
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/kv.cpp
@@ -0,0 +1,164 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include "common.h" +#include "kv_t.h" +using namespace std; + +#define TA_HELLO_WORLD "secgear hello world!" +#define BUF_MAX 32 + +const uint8_t userkey[16] = { // AES密钥生成参数 + '1', '2', '3', '4', + '5', '6', '7', '8', + '9', '0', '1', '2', + '3', '4', '5', '6' +}; +// 分组加密 +uint8_t aes_in[16] = {0}, aes_out[16] = {0}; + +// 加解密秘钥 +AES_KEY encrypt_key, decrypt_key; + +vector KeyVec; // 键值对列表 +list KeyList; +hash strHash; // 字符串hash函数 + +int get_string(char *buf) +{ + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; +} +// 加密 +void AES_Encrypt(KEY &Key) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值 + AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + memcpy(aes_in, value+i, 16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密 + memcpy(value+i, aes_out, 16); // 拷贝回去 + } +} +// 解密 +void AES_Decrypt(KEY Key, uint8_t *buf) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; + AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + memcpy(aes_in, value+i,16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密 + memcpy(buf+i, aes_out, 
16); // 拷贝到buf + } +} + +int search_key(int key_val) +{ + for (int i = 0;i < KeyVec.size();i++) { + if (KeyVec[i].key_val == key_val) { // 查找到key + return i; + } + } + return -1; +} + +/** + * @param key_val 键信息 + * @param val_addr 值在不可信内存中的地址 + * @param val_len 值的长度 +*/ +int Set_KV(int key_val, uint64_t val_addr, size_t val_len) +{ + // 初始化键值对信息 + KEY Key; // 新建一个KEY变量 + Key.key_val = key_val; // 初始化key值 + Key.val_ptr = (uint8_t*)val_addr; // 初始化value指针 + Key.val_size = val_len; // 值的长度 + + // 计算hash值,实现完整性保护 + char *str = new char[VALUE_SIZE + 1]; // 转为char* + memcpy(str, Key.val_ptr, val_len); + string value_str = str; // 转为string + + Key.hash_value = strHash(value_str); // 计算hash值 + + // 对不可信内存中的value内容进行加密(AES-ECB模式) + // AES_Encrypt(Key); + + // 是否已存在键相同的键值对映射 + int index = search_key(key_val); + // 不存在 + if (index < 0) { + // 将Key插入列表 + KeyVec.push_back(Key); + } + else { + KeyVec[index] = Key; + } + return 0; +} +/** + * @param key_val 键信息 + * @param value_val 返回值 +*/ +int Get_KV(int key_val, uint8_t* value_val) +{ + // 查找键值对下标 + int index = search_key(key_val); + if (index < 0) return -1; + + // 解密 + // AES_Decrypt(KeyVec[index], value_val); + // 转为string计算hash + char *str = new char[VALUE_SIZE + 1]; // 转为char* + memcpy(str, value_val, KeyVec[index].val_size); + // 计算hash值 + string value_str = str; + size_t hashval = strHash(value_str); + // 校验完整性 + if (KeyVec[index].hash_value != hashval) { + memset(value_val, '0', KeyVec[index].val_size); + } + return 0; +} +/** + * @param key_val 键信息 + * @return 是否删除成功 +*/ +int Delete_KV(int key_val) +{ + int index = search_key(key_val); + if (index < 0) return -1; + // 删除键为1的键值对并回收内存 + KeyVec.erase(KeyVec.begin() + index); + // KeyVec.erase(remove(KeyVec.begin(), KeyVec.end(), Key)); + + return 0; +} \ No newline at end of file 
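Review bot: `Set_KV` trusts `val_addr` and `val_len` straight from the ECALL: `memcpy(str, Key.val_ptr, val_len)` copies a host-chosen number of bytes into a `VALUE_SIZE + 1` heap buffer, and nothing checks that `[val_addr, val_addr + val_len)` lies outside the enclave, so a malformed call can overflow that buffer or make the enclave copy from its own memory. Validate first, `if (val_addr == 0 || val_len > VALUE_SIZE) return -1;` (on SGX additionally require `sgx_is_outside_enclave((const void *)val_addr, val_len)`), and build the string with an explicit length, `string value_str((const char *)Key.val_ptr, val_len);`, which also removes the never-deleted `str` buffer that `string value_str = str` reads past when no NUL follows the copied bytes; `Get_KV` has the same `new char[]` + `memcpy` + implicit-NUL pattern and needs the same change. `search_key` compares `int i` with `KeyVec.size()` (signed/unsigned) and is a linear scan; a `std::map<int, KEY>` keyed on `key_val` would replace it and make `Set_KV`/`Delete_KV` one-liners. `hash_value` is a plain `std::hash`, i.e. an unkeyed, non-cryptographic checksum, so it does not give the "完整性保护" the comment claims; `AES_Encrypt`/`AES_Decrypt` are commented out, and when they come back they should not use a key literal in the source or ECB mode. The element types of `KeyVec` and `KeyList` are stripped in this rendering, so the container remarks assume `vector<KEY>`.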
diff --git a/wallfacer2.0/secgear_kv/enclave/manifest.txt b/wallfacer2.0/secgear_kv/enclave/manifest.txt
new file mode 100644
index 0000000000000000000000000000000000000000..d78354e6c0e101a126d65a116c4e98765f852db7
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/manifest.txt
@@ -0,0 +1,7 @@
+gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0
+gpd.ta.service_name: rsa-demo
+gpd.ta.singleInstance: true
+gpd.ta.multiSession: false
+gpd.ta.instanceKeepAlive: false
+gpd.ta.dataSize: 819200
+gpd.ta.stackSize: 40960
diff --git a/wallfacer2.0/secgear_kv/host/CMakeLists.txt b/wallfacer2.0/secgear_kv/host/CMakeLists.txt
new file mode 100644
index 0000000000000000000000000000000000000000..7f0bcb6d0bc8ed5948d2e6826a7b0d76ad7e5332
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/host/CMakeLists.txt
@@ -0,0 +1,130 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX kv) +#set host exec name +set(OUTPUT secgear_kv) +#set host src code +set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) + +#set auto code +if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} + --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + --search-path ${SDK_PATH}/include + --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") +set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + +if(CC_GP) + 
if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR} + ${CURRENT_ROOT_PATH}/include/) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE + ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ${CURRENT_ROOT_PATH}/include/ + ) + endif() +endif() + +if(CC_PL) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/penglai + ${CMAKE_CURRENT_BINARY_DIR} + ) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库 +else() + target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl) +endif() +set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + +if(CC_GP) + #itrustee install whitelist /vender/bin/teec_hello + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + 
GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_PL) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() diff --git a/wallfacer2.0/secgear_kv/host/main.cpp b/wallfacer2.0/secgear_kv/host/main.cpp new file mode 100644 index 0000000000000000000000000000000000000000..ee31dd43412219d449326b58bd61255225e5937c --- /dev/null +++ b/wallfacer2.0/secgear_kv/host/main.cpp 
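Review bot: `sgx_usgxssl` is linked for every backend: the `if(CC_SIM) ... else()` block with `target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl)` sits outside the `if(CC_SGX)` guard, so the TrustZone and Penglai builds try to link an SGX-only library; move it into the CC_SGX branch and keep the common part as `target_link_libraries(${OUTPUT} PRIVATE secgear Threads::Threads)` after `find_package(Threads REQUIRED)`, since the keyword-less signature and the bare `pthread` are the legacy forms. `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")` does not reach `main.cpp`, which is compiled as C++; `set_target_properties(${OUTPUT} PROPERTIES POSITION_INDEPENDENT_CODE ON)` covers both languages and, with `include(CheckPIESupported)`/`check_pie_supported()` on CMake 3.14+, also adds the matching PIE link flag. `${CURRENT_ROOT_PATH}/include/` is passed to `target_link_directories` in the CC_SGX branch although it is an include directory, not a library directory, and can be dropped. The three `install(TARGETS ...)` blocks differ only in `DESTINATION`; one `install()` with the destination chosen above it would be easier to keep consistent.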
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include "enclave.h"
+#include "kv_u.h"
+#include "common.h"
+
+#include
+using namespace std;
+
+// #define RSA_PUBLIC_KEY_FILE "pubkey.pem"
+clock_t start, stop; // 时间参数
+
+cc_enclave_t global_eid = {}; // 全局enclave_id
+cc_enclave_result_t res = CC_FAIL; // enclave状态结果
+uint8_t buf[VALUE_SIZE] = {0}; // 缓冲区
+char temp[VALUE_SIZE + 1];
+int retval = 0;
+// 创建enclave
+int CreateEnclave()
+{
+ int retval = 0;
+ const char *path = PATH;
+
+
+ char real_p[PATH_MAX];
+ /* check file exists, if not exist then use absolute path */
+ if (realpath(path, real_p) == NULL) {
+ if (getcwd(real_p, sizeof(real_p)) == NULL) {
+ printf("Cannot find enclave.sign.so");
+ return res;
+ }
+ if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
+ printf("Failed to strcat enclave.sign.so path");
+ return res;
+ }
+ (void)strcat(real_p, "/enclave.signed.so");
+ }
+ // 创建飞地
+ res = cc_enclave_create(
+ real_p,
+ AUTO_ENCLAVE_TYPE,
+ 0,
+ SECGEAR_DEBUG_FLAG,
+ NULL,
+ 0,
+ &global_eid);
+ return res;
+}
+// 销毁enclave
+void DestoryEnclave()
+{
+ res = cc_enclave_destroy(&global_eid);
+ if(res != CC_SUCCESS) {
+ printf("host destroy enclave error\n");
+ } else {
+ printf("host destroy enclave success\n");
+ }
+}
+// 打印测试函数(ocall-function)
+void print(uint64_t c) {
+ std::cout << c << std::endl;
+}
+
+// 添加键值对
+int Set(int key, char *value_str)
+{
+ VALUE Value;
+ Value.value = new uint8_t[VALUE_SIZE];
+ memcpy(Value.value, value_str, strlen(value_str));
+ Value.val_len = strlen(value_str); // 获取value长度
+ uint64_t val_addr = (uint64_t)Value.value; // 获取value地址
+
+ // 发起ecall插入键值对值
+ res = Set_KV(&global_eid, // enclave_id
+ &retval, // 返回值
+ key, // key
+ val_addr, // value地址
+ Value.val_len // value长度
+ );
+ if (res != CC_SUCCESS || retval != 0) {
+ std::cout << "Set KV failed!\n";
+ return -1;
+ }
+ return 0;
+}
+// 获取键值对
+int Get(int key)
+{
+ uint8_t *value_val = new uint8_t[VALUE_SIZE];
+ // 发起ecall查询键值对
+ res = Get_KV(&global_eid, // enclave_id
+ &retval, // 返回值
+ key, // key
+ value_val // value值
+ );
+ if (res != CC_SUCCESS || retval != 0) {
+ std::cout << "Get KV failed!\n";
+ return -1;
+ }
+ std::cout << key << ": " << value_val << std::endl;
+ return 0;
+}
+
+int Delete(int key_val)
+{
+ // 发起ecall删除键值对
+ res = Delete_KV(&global_eid,
+ &retval,
+ key_val);
+ if (res != CC_SUCCESS || retval != 0) {
+ std::cout << "Delete KV failed!\n";
+ return -1;
+ }
+ return 0;
+}
+
+int main()
+{
+ double set_during, get_during;
+
+ int retval;
+ // 创建飞地
+ if (CreateEnclave() != 0) {
+ std::cout << "Create enclave failed\n";
+ return -1;
+ }
+ start = clock();
+ for (int j = 0;j < TEST_ITEM_SIZE;j++) {
+
+ char sv[VALUE_SIZE + 1] = {'\0'};
+ for (int i = 0;i < VALUE_SIZE;i++) {
+ sv[i] = 'a' + rand()%26;
+ }
+ // 发起ecall 建立键值对映射信息
+ // cout << sv << endl;
+ if (Set(j, sv) < 0) {
+ cout << j << endl;
+ break;
+ }
+ // Set(j, sv);
+ }
+ stop = clock();
+ set_during = double(stop - start) /CLOCKS_PER_SEC;
+
+
+ start = clock();
+ // 发起ecall 查询键值对信息
+ for (int i = 0;i < TEST_ITEM_SIZE;i++) {
+ Get(i);
+
+ }
+ stop = clock();
+ get_during = double(stop- start) / CLOCKS_PER_SEC;
+
+
+ cout << "Set消耗时间: " << set_during << 's' << endl;
+ cout << "Get消耗时间: " << get_during << 's' << endl;
+
+ // 发起ecall 删除键值对
+
+ return res;
+}
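Review bot: `Get` prints `value_val` with `std::cout << key << ": " << value_val`, but that buffer is a bare `uint8_t[VALUE_SIZE]` with no terminator and `Get_KV` is declared `[out, size=128]`, so once the enclave fills all 128 bytes (the test loop in `main` stores exactly VALUE_SIZE characters) the print reads past the allocation; print it as `std::string(reinterpret_cast<const char *>(value_val), VALUE_SIZE)` or allocate VALUE_SIZE + 1 and terminate it. `Set` likewise copies `strlen(value_str)` bytes into a VALUE_SIZE buffer with no length check, and neither `Set` nor `Get` frees its `new[]`, so each of the TEST_ITEM_SIZE iterations leaks VALUE_SIZE bytes — `delete[]` after the ecall, or use a local array/`std::vector<uint8_t>`. `CreateEnclave` passes `SECGEAR_DEBUG_FLAG` unconditionally; if this host is meant to run anywhere but a test bench, gate that on a build option, since a debug-mode enclave's memory is inspectable from the host. `main` also never calls `DestoryEnclave` and returns the enclave status `res` as the process exit code.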
diff --git a/wallfacer2.0/secgear_kv/include/common.h b/wallfacer2.0/secgear_kv/include/common.h
new file mode 100644
index 0000000000000000000000000000000000000000..d8a984db51d1fe6b33deba698991e01ca6bed208
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/include/common.h
@@ -0,0 +1,29 @@
+#ifndef COMMON_H
+#define COMMON_H
+
+#define VALUE_SIZE 128
+#define TEST_ITEM_SIZE 1000000
+using namespace std;
+
+// 键(存储在TEE中)
+typedef struct KEY {
+ int key_val; // 键
+ uint8_t *val_ptr; // 指针
+ size_t val_size; // value长度
+ size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC)
+} KEY;
+
+// 值(加密存储在REE中)
+typedef struct VALUE {
+ uint8_t *value;
+ size_t val_len;
+} VALUE;
+
+// 键值对数据
+typedef struct KV {
+ int32_t key_val;
+ uint8_t value[VALUE_SIZE];
+ size_t value_len;
+} KV;
+
+#endif
\ No newline at end of file
diff --git a/wallfacer2.0/secgear_kv/kv.edl b/wallfacer2.0/secgear_kv/kv.edl
new file mode 100644
index 0000000000000000000000000000000000000000..e1bddff3f02a4f89ab216ec149ae939dc6210cb7
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/kv.edl
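Review bot: The header uses `uint8_t`, `int32_t` and `size_t` but includes nothing, and it places `using namespace std;` at file scope, so every translation unit that includes it — the enclave side as well as the host — inherits the namespace and only compiles if the includer happened to pull in `<cstdint>` first; add `#include <cstdint>` and `#include <cstddef>` and drop the `using`. The comment on `hash_value` says a hash function may later be swapped for an HMAC; if that field is meant to protect the REE-resident value's integrity, say so where it is declared, e.g. `// integrity tag over value; an unkeyed hash cannot detect REE tampering, replace with a keyed MAC`, so the placeholder is not left in by accident. The file also lacks a trailing newline.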
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ from "secgear_tssl.edl" import *;
+ from "secgear_pthread.edl" import*;
+ trusted {
+ public int get_string([out, size=32]char *buf);
+
+ public int Set_KV(int key_val, uint64_t val_addr, size_t val_len);
+
+ public int Get_KV(int key_val, [out, size=128]uint8_t *buf);
+
+ public int Delete_KV(int key_val);
+
+ // public int GenerateRSAKey([out, size=key_len]char* out_pri_key, [out, size=key_len]char* out_pub_key, size_t key_len);
+
+ // public int GenerateECCKey([out, size=key_len]char* out_pri_key,[out, size=key_len]char* out_pub_key, size_t key_len);
+
+ // public int AES_ECB_Encrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out);
+
+ // public int AES_ECB_Decrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out);
+ };
+ untrusted {
+ void print(uint64_t c);
+ };
+};
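Review bot: `Set_KV` takes the value as a raw host address (`uint64_t val_addr`) plus `val_len` instead of an `[in, size=val_len]` pointer, so the generated bridge does no marshalling or bounds checking for it; the trusted implementation must itself confirm that `[val_addr, val_addr + val_len)` lies entirely outside enclave memory and that `val_len` does not exceed the 128-byte value size before touching it, and the declaration should carry a comment saying that this check is the enclave's responsibility. `Get_KV`'s `[out, size=128]` repeats `VALUE_SIZE` from include/common.h by hand, a coupling the EDL cannot express, so note it next to the declaration, e.g. `// size must stay equal to VALUE_SIZE in include/common.h`. The four commented-out crypto entry points are dead code and should be removed rather than shipped.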