From b109f5927e87b9c3fa2b68d00195dda862002ebf Mon Sep 17 00:00:00 2001
From: axel
Date: Sat, 9 Mar 2024 13:24:08 +0800
Subject: [PATCH 1/5] Wallfacer2.0 add secgear_kv

---
wallfacer2.0/secgear_kv/CMakeLists.txt | 44 ++++
.../secgear_kv/enclave/CMakeLists.txt | 234 ++++++++++++++++++
.../secgear_kv/enclave/Enclave.config.xml | 12 +
wallfacer2.0/secgear_kv/enclave/Enclave.lds | 11 +
.../secgear_kv/enclave/config_cloud.ini | 60 +++++
wallfacer2.0/secgear_kv/enclave/kv.cpp | 164 ++++++++++++
wallfacer2.0/secgear_kv/enclave/manifest.txt | 7 +
wallfacer2.0/secgear_kv/host/CMakeLists.txt | 130 ++++++++++
wallfacer2.0/secgear_kv/host/main.cpp | 178 +++++++++++++
wallfacer2.0/secgear_kv/include/common.h | 29 +++
wallfacer2.0/secgear_kv/kv.edl | 38 +++
11 files changed, 907 insertions(+)
create mode 100644 wallfacer2.0/secgear_kv/CMakeLists.txt
create mode 100644 wallfacer2.0/secgear_kv/enclave/CMakeLists.txt
create mode 100644 wallfacer2.0/secgear_kv/enclave/Enclave.config.xml
create mode 100644 wallfacer2.0/secgear_kv/enclave/Enclave.lds
create mode 100644 wallfacer2.0/secgear_kv/enclave/config_cloud.ini
create mode 100644 wallfacer2.0/secgear_kv/enclave/kv.cpp
create mode 100644 wallfacer2.0/secgear_kv/enclave/manifest.txt
create mode 100644 wallfacer2.0/secgear_kv/host/CMakeLists.txt
create mode 100644 wallfacer2.0/secgear_kv/host/main.cpp
create mode 100644 wallfacer2.0/secgear_kv/include/common.h
create mode 100644 wallfacer2.0/secgear_kv/kv.edl
diff --git a/wallfacer2.0/secgear_kv/CMakeLists.txt b/wallfacer2.0/secgear_kv/CMakeLists.txt
new file mode 100644
index 00000000..d73ecd9e
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/CMakeLists.txt
@@ -0,0 +1,44 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(HelloWorld CXX)
+
+# set(CMAKE_C_STANDARD 99)
+set(CMAKE_CXX_STANDARD 17)
+
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE kv.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if (NOT DEFINED SSL_PATH)
+ set(SSL_PATH /opt/intel/sgxssl)
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+if(CC_PL)
+ set(CODETYPE penglai)
+ add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt b/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt
new file mode 100644
index 00000000..cafed093
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt
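Review bot: There is no `cmake_minimum_required()` ahead of `project(HelloWorld CXX)`, so policy defaults come from whatever the parent project set, while the subdirectories added below rely on 3.13-era commands (`target_link_directories`) this file never declares a need for. `add_definitions(-DPATH=...)` is directory-scoped and bakes an absolute build-tree path into both the enclave and the host; only host/main.cpp reads `PATH` in this patch, so `target_compile_definitions(secgear_kv PRIVATE PATH="...")` on the host target would keep it off the enclave image. The project name is also copied from the HelloWorld sample; `project(secgear_kv CXX)` would make the configured targets distinguishable from the other samples in the tree.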
@@ -0,0 +1,234 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX kv)
+
+#set sign key
+set(PEM Enclave_private.pem)
+
+#set sign tool
+set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
+
+#set enclave src code
+set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/kv.cpp)
+
+#set log level
+set(PRINT_LEVEL 3)
+add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+
+if(CC_GP)
+ #set signed output
+ set(OUTPUT ${UUID}.sec)
+ #set whilelist. default: /vendor/bin/teec_hello
+ set(WHITE_LIST_0 /vendor/bin/helloworld)
+ set(WHITE_LIST_OWNER root)
+ set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)
+ set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+ set(OUTPUT enclave.signed.so)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include)
+endif()
+
+if(CC_PL)
+ set(OUTPUT penglai-ELF)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \
+ -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
+ -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
+ -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
+
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+
+if(CC_GP)
+
+ set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC")
+ set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s")
+
+ set(ITRUSTEE_TEEDIR ${SDK_PATH}/)
+ set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc)
+
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_BINARY_DIR}/lib/)
+ endif()
+
+ add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+ target_include_directories( ${PREFIX} PRIVATE
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_BINARY_DIR}/inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
+ ${ITRUSTEE_TEEDIR}/include/TA
+ ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
+ ${ITRUSTEE_LIBC}/arch/aarch64
+ ${ITRUSTEE_LIBC}/
+ ${ITRUSTEE_LIBC}/arch/arm/bits
+ ${ITRUSTEE_LIBC}/arch/generic
+ ${ITRUSTEE_LIBC}/arch/arm
+ ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${PREFIX} PRIVATE
+ ${CMAKE_BINARY_DIR}/lib/)
+ endif()
+
+ foreach(WHITE_LIST ${WHITELIST})
+ add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
+ endforeach(WHITE_LIST)
+ add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
+
+ target_link_libraries(${PREFIX} -lsecgear_tee)
+
+ #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example #
+ # add_custom_command(TARGET ${PREFIX}
+ # POST_BUILD
+ # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
+
+ # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}
+ # DESTINATION /data
+ # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
+
+endif()
+
+if(CC_SGX)
+ set(SGX_DIR ${SDK_PATH})
+ set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
+ set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+ set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
+
+ set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库
+
+ if(CC_SIM)
+ set(Trts_Library_Name sgx_trts_sim)
+ set(Service_Library_Name sgx_tservice_sim)
+ else()
+ set(Trts_Library_Name sgx_trts)
+ set(Service_Library_Name sgx_tservice)
+ endif()
+
+ set(Crypto_Library_Name sgx_tcrypto)
+
+ set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
+ -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
+
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(
+ ${LINK_LIBRARY_PATH}
+ ${OPENSSL_LIBRARY_PATH}
+ )
+ endif()
+
+ add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+ target_include_directories(${PREFIX} PRIVATE
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${SGX_DIR}/include/tlibc
+ ${SGX_DIR}/include/libcxx
+ ${SGX_DIR}/include
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ ${SSL_PATH}/include #openssl静态库
+ ${CURRENT_ROOT_PATH}/include
+ )
+
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${PREFIX} PRIVATE
+ ${LINK_LIBRARY_PATH}
+ ${OPENSSL_LIBRARY_PATH}
+ ${CURRENT_ROOT_PATH}/include
+ )
+ endif()
+
+ target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive
+ -Wl,--start-group
+ -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl
+ -lsgx_tcrypto -lsgx_pthread
+ -l${Crypto_Library_Name} -l${Service_Library_Name}
+ -Wl,--end-group)
+ add_custom_command(TARGET ${PREFIX}
+ POST_BUILD
+ COMMAND umask 0177
+ COMMAND openssl genrsa -3 -out ${PEM} 3072
+ COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
+endif()
+
+if(NOT DEFINED CC_PL)
+ set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
+endif()
+
+if(CC_PL)
+ set(SDK_LIB_DIR ${SDK_PATH}/lib)
+ set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include)
+ set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a)
+ set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib)
+ set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a)
+ set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a)
+ set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a)
+
+ set(SOURCE_C_OBJS "")
+ foreach(SOURCE_FILE ${SOURCE_FILES})
+ STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE})
+ set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o)
+ add_custom_command(
+ OUTPUT ${SOURCE_OBJ}
+ DEPENDS ${SOURCE_FILES}
+ COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+ -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+ -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE}
+ COMMENT "generate SOURCE_OBJ"
+ )
+ list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ})
+ endforeach()
+
+ set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o)
+ add_custom_command(
+ OUTPUT ${APP_C_OBJ}
+ DEPENDS ${AUTO_FILES}
+ COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc
+ -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc
+ -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c
+ COMMENT "generate APP_C_OBJ"
+ )
+
+ add_custom_command(
+ OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+ DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB}
+ COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc
+ -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB}
+ ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds
+ COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+ COMMENT "generate penglai-ELF"
+ )
+ add_custom_target(
+ ${OUTPUT} ALL
+ DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}
+ COMMENT "makefile target penglai-ELF"
+ )
+
+endif()
diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml b/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml
new file mode 100644
index 00000000..bd60be70
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml
@@ -0,0 +1,12 @@
+
+ 0
+ 0
+ 0x400000
+ 0x100000000
+ 10
+ 1
+
+ 0
+ 0
+ 0xFFFFFFFF
+
diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.lds b/wallfacer2.0/secgear_kv/enclave/Enclave.lds
new file mode 100644
index 00000000..ab77e647
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/Enclave.lds
@@ -0,0 +1,11 @@
+enclave.so
+{
+ global:
+ g_global_data_sim;
+ g_global_data;
+ enclave_entry;
+ g_peak_heap_used;
+ local:
+ *;
+};
+
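Review bot: The hardening flags collected in `COMMON_C_FLAGS` (`-fstack-protector`, `-Werror`, `-nostdinc`, ...) are only ever assigned to `CMAKE_C_FLAGS`, but the enclave source is `kv.cpp`, which is compiled with `CMAKE_CXX_FLAGS`, so the C++ enclave code is built without the stack protector and without `-nostdinc` and can pick up host-side standard headers; put the same flags on the target with `target_compile_options(${PREFIX} PRIVATE ...)` or mirror them into `CMAKE_CXX_FLAGS`. In the SGX branch `COMMAND umask 0177` is emitted as its own recipe line and, at least with the Makefile generator, runs in a separate shell, so it does not restrict the permissions of the `openssl genrsa -3 -out ${PEM} 3072` output that follows, and that step generates a fresh signing key on every build, so MRSIGNER changes each time. That is acceptable for a sample only if it is labelled, e.g. `# throwaway debug signing key, regenerated on every build; never sign a release enclave with it`. In the GP branch the whitelist still names the sample's `/vendor/bin/helloworld` and `/vendor/bin/secgear_helloworld`, while host/CMakeLists.txt installs the client as `/vendor/bin/secgear_kv`, so the TA would presumably refuse its own client unless `WHITE_LIST_0`/`WHITE_LIST_1` are updated.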
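Review bot: The tags were lost in rendering, but the twelve values line up with the SDK's sample Enclave.config.xml, in which the value after `TCSPolicy` (and the comment line) is `DisableDebug`; here it is `0`, so the signed enclave is debuggable and its memory can be read through the SGX debugger, and `HeapMaxSize` `0x100000000` reserves 4 GiB. Both are development settings and should be marked as such in the file, e.g. `<!-- debug configuration: set DisableDebug to 1 and size the heap before any release signing -->`; the host side currently matches this by creating the enclave with `SECGEAR_DEBUG_FLAG`.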
diff --git a/wallfacer2.0/secgear_kv/enclave/config_cloud.ini b/wallfacer2.0/secgear_kv/enclave/config_cloud.ini
new file mode 100644
index 00000000..8c70225e
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/config_cloud.ini
@@ -0,0 +1,60 @@
+[signSecPrivateCfg]
+;;;
+;private key length for signing TA:
+;[fixed value]
+;256 ECDSA Alg
+;2048/4096 RSA Alg
+secSignKeyLen = 4096
+;;;
+;[fixed value]
+;0 means SHA256 hash type
+;1 means SHA512 hash type
+secHashType = 0
+;;;
+; [fixed value]
+;0 means padding type is pkcs1v15
+;1 means padding type is PSS
+;[fixed value]
+secPaddingType = 1
+;;;
+;[fixed value]
+;RSA alg
+;ECDSA alg
+;SM2 alg
+secSignAlg = RSA
+;;;
+;public key for encrypt TA
+secEncryptKey = rsa_public_key_cloud.pem
+;;;
+;public key length
+secEncryptKeyLen = 3072
+
+[signSecPublicCfg]
+;;;
+;[fixed value]
+; sec sign key type
+;0 means debug
+;1 means release
+secReleaseType = 1
+;;;
+;0 means TA not installed by OTRP
+;1 means TA installed by OTRP
+secOtrpFlag = 0
+;;;
+;0 means not sign
+;1 means signed by local private
+;2 means signed using native sign tool;
+;3 means signed by CI
+;[fixed value]
+secSignType = 1
+;;;
+;server address for signing TA
+secSignServerIp =
+;;;
+;private key for signing TA
+;[private key owned by yourself]
+secSignKey = /home/TA_cert/private_key.pem
+;;;
+;config file
+;[signed config file by Huawei]
+configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer2.0/secgear_kv/enclave/kv.cpp b/wallfacer2.0/secgear_kv/enclave/kv.cpp
new file mode 100644
index 00000000..1f61621c
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/kv.cpp
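Review bot: `secReleaseType = 1` declares a release-signed TA, but `secSignKey` and `configPath` point into a developer's `/home/TA_cert/` and the sign step that would consume this file is commented out in enclave/CMakeLists.txt, so nothing in the patch can produce the `${UUID}.sec` the host expects under `/data/`. A header line such as `; template only: point secSignKey/configPath at a project-owned key before signing; debug TAs should use secReleaseType = 0` would stop someone wiring a real release key into a home-directory path to make it build.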
@@ -0,0 +1,164 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "common.h"
+#include "kv_t.h"
+using namespace std;
+
+#define TA_HELLO_WORLD "secgear hello world!"
+#define BUF_MAX 32
+
+const uint8_t userkey[16] = { // AES密钥生成参数
+ '1', '2', '3', '4',
+ '5', '6', '7', '8',
+ '9', '0', '1', '2',
+ '3', '4', '5', '6'
+};
+// 分组加密
+uint8_t aes_in[16] = {0}, aes_out[16] = {0};
+
+// 加解密秘钥
+AES_KEY encrypt_key, decrypt_key;
+
+vector KeyVec; // 键值对列表
+list KeyList;
+hash strHash; // 字符串hash函数
+
+int get_string(char *buf)
+{
+ strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1);
+ return 0;
+}
+// 加密
+void AES_Encrypt(KEY &Key)
+{
+ uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值
+ AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥
+ for (size_t i = 0;i < Key.val_size;i+=16) {
+ memcpy(aes_in, value+i, 16); // 取16字节
+ AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密
+ memcpy(value+i, aes_out, 16); // 拷贝回去
+ }
+}
+// 解密
+void AES_Decrypt(KEY Key, uint8_t *buf)
+{
+ uint8_t *value = (uint8_t *)Key.val_ptr;
+ AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥
+ for (size_t i = 0;i < Key.val_size;i+=16) {
+ memcpy(aes_in, value+i,16); // 取16字节
+ AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密
+ memcpy(buf+i, aes_out, 16); // 拷贝到buf
+ }
+}
+
+int search_key(int key_val)
+{
+ for (int i = 0;i < KeyVec.size();i++) {
+ if (KeyVec[i].key_val == key_val) { // 查找到key
+ return i;
+ }
+ }
+ return -1;
+}
+
+/**
+ * @param key_val 键信息
+ * @param val_addr 值在不可信内存中的地址
+ * @param val_len 值的长度
+*/
+int Set_KV(int key_val, uint64_t val_addr, size_t val_len)
+{
+ // 初始化键值对信息
+ KEY Key; // 新建一个KEY变量
+ Key.key_val = key_val; // 初始化key值
+ Key.val_ptr = (uint8_t*)val_addr; // 初始化value指针
+ Key.val_size = val_len; // 值的长度
+
+ // 计算hash值,实现完整性保护
+ char *str = new char[VALUE_SIZE + 1]; // 转为char*
+ memcpy(str, Key.val_ptr, val_len);
+ string value_str = str; // 转为string
+
+ Key.hash_value = strHash(value_str); // 计算hash值
+
+ // 对不可信内存中的value内容进行加密(AES-ECB模式)
+ // AES_Encrypt(Key);
+
+ // 是否已存在键相同的键值对映射
+ int index = search_key(key_val);
+ // 不存在
+ if (index < 0) {
+ // 将Key插入列表
+ KeyVec.push_back(Key);
+ }
+ else {
+ KeyVec[index] = Key;
+ }
+ return 0;
+}
+/**
+ * @param key_val 键信息
+ * @param value_val 返回值
+*/
+int Get_KV(int key_val, uint8_t* value_val)
+{
+ // 查找键值对下标
+ int index = search_key(key_val);
+ if (index < 0) return -1;
+
+ // 解密
+ // AES_Decrypt(KeyVec[index], value_val);
+ // 转为string计算hash
+ char *str = new char[VALUE_SIZE + 1]; // 转为char*
+ memcpy(str, value_val, KeyVec[index].val_size);
+ // 计算hash值
+ string value_str = str;
+ size_t hashval = strHash(value_str);
+ // 校验完整性
+ if (KeyVec[index].hash_value != hashval) {
+ memset(value_val, '0', KeyVec[index].val_size);
+ }
+ return 0;
+}
+/**
+ * @param key_val 键信息
+ * @return 是否删除成功
+*/
+int Delete_KV(int key_val)
+{
+ int index = search_key(key_val);
+ if (index < 0) return -1;
+ // 删除键为1的键值对并回收内存
+ KeyVec.erase(KeyVec.begin() + index);
+ // KeyVec.erase(remove(KeyVec.begin(), KeyVec.end(), Key));
+
+ return 0;
+}
\ No newline at end of file
diff --git a/wallfacer2.0/secgear_kv/enclave/manifest.txt b/wallfacer2.0/secgear_kv/enclave/manifest.txt
new file mode 100644
index 00000000..d78354e6
--- /dev/null
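Review bot: `Set_KV` copies `val_len` bytes from the host-supplied `val_addr` into a `new char[VALUE_SIZE + 1]` buffer with no check on `val_len`, and both values reach the enclave unmarshalled from the untrusted side, so a host can overflow enclave heap; add `if (val_len > VALUE_SIZE) return -1;` before the `memcpy`, and on SGX also reject pointers that are not entirely outside the enclave (`sgx_is_outside_enclave(Key.val_ptr, val_len)`) before dereferencing them. That buffer is never NUL-terminated, so `string value_str = str;` can read past it — `str[val_len] = '\0';` after the copy — and `str` is leaked in both `Set_KV` and `Get_KV`. `Get_KV` hashes the `[out]` buffer it was handed, never reads `KeyVec[index].val_ptr`, never copies the value to the caller, and on a mismatch returns 0 after filling the buffer with `'0'` characters, so the host cannot tell tampering from a stored value of zeros; a rewrite is below. Even with that fixed, `std::hash` over host-owned memory is not an integrity check, since the host can recompute it after modifying the value, so `hash_value` needs a keyed MAC under an enclave-held key, and the constant `userkey` with ECB mode is not a usable design for the `AES_Encrypt` that is currently commented out.
```cpp
int Get_KV(int key_val, uint8_t* value_val)
{
    int index = search_key(key_val);
    if (index < 0) return -1;
    const KEY &k = KeyVec[index];
    // Hash the stored (host-memory) copy, not the caller's output buffer; Set_KV must
    // hash the same way, i.e. string(str, val_len) instead of a NUL-terminated str.
    string value_str((const char *)k.val_ptr, k.val_size);
    if (k.hash_value != strHash(value_str)) {
        return -2;                               // tampered: report it, don't hand back '0's
    }
    memcpy(value_val, k.val_ptr, k.val_size);    // val_size <= VALUE_SIZE once Set_KV checks it
    return 0;
}
```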
+++ b/wallfacer2.0/secgear_kv/enclave/manifest.txt
@@ -0,0 +1,7 @@
+gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0
+gpd.ta.service_name: rsa-demo
+gpd.ta.singleInstance: true
+gpd.ta.multiSession: false
+gpd.ta.instanceKeepAlive: false
+gpd.ta.dataSize: 819200
+gpd.ta.stackSize: 40960
diff --git a/wallfacer2.0/secgear_kv/host/CMakeLists.txt b/wallfacer2.0/secgear_kv/host/CMakeLists.txt
new file mode 100644
index 00000000..7f0bcb6d
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/host/CMakeLists.txt
@@ -0,0 +1,130 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX kv)
+#set host exec name
+set(OUTPUT secgear_kv)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
+
+#set auto code
+if(CC_GP)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ --search-path ${SDK_PATH}/include
+ --search-path ${SSL_PATH}/include)
+endif()
+
+if(CC_PL)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+
+if(CC_GP)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${CMAKE_BINARY_DIR}/inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SGX)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+ ${SSL_PATH}/lib64
+ )
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CURRENT_ROOT_PATH}/include/)
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE
+ ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+ ${SSL_PATH}/lib64
+ ${CURRENT_ROOT_PATH}/include/
+ )
+ endif()
+endif()
+
+if(CC_PL)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/penglai
+ ${CMAKE_CURRENT_BINARY_DIR}
+ )
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SIM)
+ target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库
+else()
+ target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+ #itrustee install whitelist /vender/bin/teec_hello
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION /vendor/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_SGX)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_PL)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
diff --git a/wallfacer2.0/secgear_kv/host/main.cpp b/wallfacer2.0/secgear_kv/host/main.cpp
new file mode 100644
index 00000000..ee31dd43
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/host/main.cpp
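Review bot: `-fPIE` is appended to `CMAKE_C_FLAGS`, but the only source here is `main.cpp`, which is compiled with `CMAKE_CXX_FLAGS`, and nothing passes `-pie` at link time, so the host binary installed world-executable into `/vendor/bin/` is position-independent only if the toolchain defaults to it; `set_target_properties(${OUTPUT} PROPERTIES POSITION_INDEPENDENT_CODE ON)` after `include(CheckPIESupported)` and `check_pie_supported()` (CMake 3.14+) sets both the compile and the link flag for every language. `target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl)` has no `PRIVATE` keyword and links `sgx_usgxssl` in every branch, including `CC_GP` and `CC_PL`, where an SGX SSL library presumably does not exist, so those configurations would fail at link unless the library is gated on `CC_SGX`. `pthread` would also be better expressed as `Threads::Threads` after `find_package(Threads REQUIRED)`.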
@@ -0,0 +1,178 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+#include "enclave.h"
+#include "kv_u.h"
+#include "common.h"
+
+#include
+using namespace std;
+
+// #define RSA_PUBLIC_KEY_FILE "pubkey.pem"
+clock_t start, stop; // 时间参数
+
+cc_enclave_t global_eid = {}; // 全局enclave_id
+cc_enclave_result_t res = CC_FAIL; // enclave状态结果
+uint8_t buf[VALUE_SIZE] = {0}; // 缓冲区
+char temp[VALUE_SIZE + 1];
+int retval = 0;
+// 创建enclave
+int CreateEnclave()
+{
+ int retval = 0;
+ const char *path = PATH;
+
+
+ char real_p[PATH_MAX];
+ /* check file exists, if not exist then use absolute path */
+ if (realpath(path, real_p) == NULL) {
+ if (getcwd(real_p, sizeof(real_p)) == NULL) {
+ printf("Cannot find enclave.sign.so");
+ return res;
+ }
+ if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
+ printf("Failed to strcat enclave.sign.so path");
+ return res;
+ }
+ (void)strcat(real_p, "/enclave.signed.so");
+ }
+ // 创建飞地
+ res = cc_enclave_create(
+ real_p,
+ AUTO_ENCLAVE_TYPE,
+ 0,
+ SECGEAR_DEBUG_FLAG,
+ NULL,
+ 0,
+ &global_eid);
+ return res;
+}
+// 销毁enclave
+void DestoryEnclave()
+{
+ res = cc_enclave_destroy(&global_eid);
+ if(res != CC_SUCCESS) {
+ printf("host destroy enclave error\n");
+ } else {
+ printf("host destroy enclave success\n");
+ }
+}
+// 打印测试函数(ocall-function)
+void print(uint64_t c) {
+ std::cout << c << std::endl;
+}
+
+// 添加键值对
+int Set(int key, char *value_str)
+{
+ VALUE Value;
+ Value.value = new uint8_t[VALUE_SIZE];
+ memcpy(Value.value, value_str, strlen(value_str));
+ Value.val_len = strlen(value_str); // 获取value长度
+ uint64_t val_addr = (uint64_t)Value.value; // 获取value地址
+
+ // 发起ecall插入键值对值
+ res = Set_KV(&global_eid, // enclave_id
+ &retval, // 返回值
+ key, // key
+ val_addr, // value地址
+ Value.val_len // value长度
+ );
+ if (res != CC_SUCCESS || retval != 0) {
+ std::cout << "Set KV failed!\n";
+ return -1;
+ }
+ return 0;
+}
+// 获取键值对
+int Get(int key)
+{
+ uint8_t *value_val = new uint8_t[VALUE_SIZE];
+ // 发起ecall查询键值对
+ res = Get_KV(&global_eid, // enclave_id
+ &retval, // 返回值
+ key, // key
+ value_val // value值
+ );
+ if (res != CC_SUCCESS || retval != 0) {
+ std::cout << "Get KV failed!\n";
+ return -1;
+ }
+ std::cout << key << ": " << value_val << std::endl;
+ return 0;
+}
+
+int Delete(int key_val)
+{
+ // 发起ecall删除键值对
+ res = Delete_KV(&global_eid,
+ &retval,
+ key_val);
+ if (res != CC_SUCCESS || retval != 0) {
+ std::cout << "Delete KV failed!\n";
+ return -1;
+ }
+ return 0;
+}
+
+int main()
+{
+ double set_during, get_during;
+
+ int retval;
+ // 创建飞地
+ if (CreateEnclave() != 0) {
+ std::cout << "Create enclave failed\n";
+ return -1;
+ }
+ start = clock();
+ for (int j = 0;j < TEST_ITEM_SIZE;j++) {
+
+ char sv[VALUE_SIZE + 1] = {'\0'};
+ for (int i = 0;i < VALUE_SIZE;i++) {
+ sv[i] = 'a' + rand()%26;
+ }
+ // 发起ecall 建立键值对映射信息
+ // cout << sv << endl;
+ if (Set(j, sv) < 0) {
+ cout << j << endl;
+ break;
+ }
+ // Set(j, sv);
+ }
+ stop = clock();
+ set_during = double(stop - start) /CLOCKS_PER_SEC;
+
+
+ start = clock();
+ // 发起ecall 查询键值对信息
+ for (int i = 0;i < TEST_ITEM_SIZE;i++) {
+ Get(i);
+
+ }
+ stop = clock();
+ get_during = double(stop- start) / CLOCKS_PER_SEC;
+
+
+ cout << "Set消耗时间: " << set_during << 's' << endl;
+ cout << "Get消耗时间: " << get_during << 's' << endl;
+
+ // 发起ecall 删除键值对
+
+ return res;
+}
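Review bot: `CreateEnclave` hardcodes `SECGEAR_DEBUG_FLAG`, so the enclave is always loaded in debug mode (its memory is readable by a debugger and any attestation carries the debug attribute); for a benchmark that may be intended, but it needs a comment at the call site such as `// debug enclave: never use this flag for a production load` or a build option that switches it off. `Get` prints `value_val` with `operator<<`, which treats a `uint8_t *` as a C string, yet the buffer is exactly `VALUE_SIZE` bytes with no terminator and the values written by `main` are 128 letters long, so the print reads past the allocation; use `std::cout.write((const char *)value_val, VALUE_SIZE)` or allocate `VALUE_SIZE + 1` and terminate it. Both `Set` and `Get` `new[]` a buffer on every call and never release it — `Set`'s is deliberately kept because the enclave stores its address, but `Delete` does not free it either, and `Get`'s is simply leaked `TEST_ITEM_SIZE` times. The `int retval;` in `main` shadows the global that the ecall wrappers actually write, and `DestoryEnclave()` is never called, so the process exits with the enclave still loaded.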
diff --git a/wallfacer2.0/secgear_kv/include/common.h b/wallfacer2.0/secgear_kv/include/common.h
new file mode 100644
index 00000000..d8a984db
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/include/common.h
@@ -0,0 +1,29 @@
+#ifndef COMMON_H
+#define COMMON_H
+
+#define VALUE_SIZE 128
+#define TEST_ITEM_SIZE 1000000
+using namespace std;
+
+// 键(存储在TEE中)
+typedef struct KEY {
+ int key_val; // 键
+ uint8_t *val_ptr; // 指针
+ size_t val_size; // value长度
+ size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC)
+} KEY;
+
+// 值(加密存储在REE中)
+typedef struct VALUE {
+ uint8_t *value;
+ size_t val_len;
+} VALUE;
+
+// 键值对数据
+typedef struct KV {
+ int32_t key_val;
+ uint8_t value[VALUE_SIZE];
+ size_t value_len;
+} KV;
+
+#endif
\ No newline at end of file
diff --git a/wallfacer2.0/secgear_kv/kv.edl b/wallfacer2.0/secgear_kv/kv.edl
new file mode 100644
index 00000000..e1bddff3
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/kv.edl
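Review bot: The comment on `VALUE` says the value is stored encrypted in the REE, but in this patch `AES_Encrypt`/`AES_Decrypt` are commented out in kv.cpp, so the value sits in host memory in the clear and only `KEY::hash_value` stands between the host and silent modification; the comment should say what the code does, e.g. `// value lives in untrusted (REE) memory in the clear; only its hash is held in the TEE`. `hash_value` holds a `std::hash` result, which is neither keyed nor collision-resistant, so the remark that it "can be replaced with an HMAC" understates it — an HMAC under an enclave-held key is what would make the check meaningful, and the field should be documented as such. `using namespace std;` in a header shared by the host and the enclave leaks into every translation unit that includes it; both .cpp files already have their own `using namespace std;`, so it can be dropped here.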
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ from "secgear_tssl.edl" import *;
+ from "secgear_pthread.edl" import*;
+ trusted {
+ public int get_string([out, size=32]char *buf);
+
+ public int Set_KV(int key_val, uint64_t val_addr, size_t val_len);
+
+ public int Get_KV(int key_val, [out, size=128]uint8_t *buf);
+
+ public int Delete_KV(int key_val);
+
+ // public int GenerateRSAKey([out, size=key_len]char* out_pri_key, [out, size=key_len]char* out_pub_key, size_t key_len);
+
+ // public int GenerateECCKey([out, size=key_len]char* out_pri_key,[out, size=key_len]char* out_pub_key, size_t key_len);
+
+ // public int AES_ECB_Encrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out);
+
+ // public int AES_ECB_Decrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out);
+ };
+ untrusted {
+ void print(uint64_t c);
+ };
+};
--
Gitee

From f98b1aeb4a760054ee5caddcfa32637eec53d843 Mon Sep 17 00:00:00 2001
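Review bot: `Set_KV` receives the value as a raw `uint64_t val_addr` plus `val_len`, which sidesteps the EDL marshalling entirely — the generated bridge neither copies the buffer nor checks that the address lies outside the enclave, and nothing bounds `val_len` — so the enclave ends up dereferencing an arbitrary host-chosen pointer; `public int Set_KV(int key_val, [in, size=val_len] uint8_t *val, size_t val_len);` would make the bridge copy the bytes into enclave memory and reject in-enclave pointers. If keeping the value in host memory and storing only its address is the intended design, that choice should be stated in a comment on the declaration, because it moves every range check into kv.cpp, which currently performs none. `Get_KV`'s `[out, size=128]` repeats `VALUE_SIZE` from common.h as a literal, and the four commented-out prototypes are dead text that should be dropped rather than shipped.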
From: axel
Date: Fri, 15 Mar 2024 16:30:36 +0800
Subject: [PATCH 2/5] data arragement

---
wallfacer2.0/secgear_da/CMakeLists.txt | 44 +++
wallfacer2.0/secgear_da/da.edl | 31 +++
.../secgear_da/enclave/CMakeLists.txt | 234 ++++++++++++++++
.../secgear_da/enclave/Enclave.config.xml | 12 +
wallfacer2.0/secgear_da/enclave/Enclave.lds | 11 +
.../secgear_da/enclave/config_cloud.ini | 60 ++++
wallfacer2.0/secgear_da/enclave/da.cpp | 261 ++++++++++++++++++
wallfacer2.0/secgear_da/enclave/manifest.txt | 7 +
wallfacer2.0/secgear_da/host/CMakeLists.txt | 130 +++++++++
wallfacer2.0/secgear_da/host/main.cpp | 205 ++++++++++++++
wallfacer2.0/secgear_da/host/test.cpp | 133 +++++++++
wallfacer2.0/secgear_da/include/common.h | 31 +++
wallfacer2.0/secgear_da/include/tpch.h | 105 +++++++
13 files changed, 1264 insertions(+)
create mode 100644 wallfacer2.0/secgear_da/CMakeLists.txt
create mode 100644 wallfacer2.0/secgear_da/da.edl
create mode 100644 wallfacer2.0/secgear_da/enclave/CMakeLists.txt
create mode 100644 wallfacer2.0/secgear_da/enclave/Enclave.config.xml
create mode 100644 wallfacer2.0/secgear_da/enclave/Enclave.lds
create mode 100644 wallfacer2.0/secgear_da/enclave/config_cloud.ini
create mode 100644 wallfacer2.0/secgear_da/enclave/da.cpp
create mode 100644 wallfacer2.0/secgear_da/enclave/manifest.txt
create mode 100644 wallfacer2.0/secgear_da/host/CMakeLists.txt
create mode 100644 wallfacer2.0/secgear_da/host/main.cpp
create mode 100644 wallfacer2.0/secgear_da/host/test.cpp
create mode 100644 wallfacer2.0/secgear_da/include/common.h
create mode 100644 wallfacer2.0/secgear_da/include/tpch.h
diff --git a/wallfacer2.0/secgear_da/CMakeLists.txt b/wallfacer2.0/secgear_da/CMakeLists.txt
new file mode 100644
index 00000000..c731a8c9
--- /dev/null
+++ b/wallfacer2.0/secgear_da/CMakeLists.txt
@@ -0,0 +1,44 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(HelloWorld CXX)
+
+# set(CMAKE_C_STANDARD 99)
+set(CMAKE_CXX_STANDARD 17)
+
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE da.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if (NOT DEFINED SSL_PATH)
+ set(SSL_PATH /opt/intel/sgxssl)
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+if(CC_PL)
+ set(CODETYPE penglai)
+ add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer2.0/secgear_da/da.edl b/wallfacer2.0/secgear_da/da.edl
new file mode 100644
index 00000000..5d5470ec
--- /dev/null
+++ b/wallfacer2.0/secgear_da/da.edl
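Review bot: The file opens with `project(HelloWorld CXX)` and has no `cmake_minimum_required`, so policy behaviour depends on whatever the including project set; add `cmake_minimum_required(VERSION 3.13)` above it, since the enclave and host files already branch on 3.13 for `target_link_directories`. The project name is left over from the sample it was copied from; `project(secgear_da CXX)` would match the host executable. `add_definitions(-DPATH=...)` is directory-scoped and is inherited by the enclave subdirectory too, although only the host's `main.cpp` appears to read `PATH`; `target_compile_definitions(${OUTPUT} PRIVATE PATH="...")` in host/CMakeLists.txt would scope it to the one consumer.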
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ from "secgear_tssl.edl" import *;
+ from "secgear_pthread.edl" import*;
+ trusted {
+ public int get_string([out, size=32]char *buf);
+
+ // 初始化数据表
+ public int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size);
+
+ // 查询数据
+ public int GetData([in, size=32]int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr,[out,size=16]size_t* res_len);
+
+ };
+ untrusted {
+ void print(uint64_t c);
+ };
+};
diff --git a/wallfacer2.0/secgear_da/enclave/CMakeLists.txt b/wallfacer2.0/secgear_da/enclave/CMakeLists.txt
new file mode 100644
index 00000000..d5749bd6
--- /dev/null
+++ b/wallfacer2.0/secgear_da/enclave/CMakeLists.txt
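Review bot: `GetData` declares `[in, size=32]int32_t* FieldIndex` while the number of entries arrives separately as `field_len`, so the bridge copies a fixed 32 bytes (eight indices) whatever `field_len` says and an enclave loop over `field_len` entries can read past the marshalled copy; `[in, count=field_len] int32_t* FieldIndex` ties the two together. `item_addr` and `res_item_addr` are raw host addresses with no size, so the trusted side must confirm they lie outside enclave memory before dereferencing them, and nothing here conveys the capacity of the buffer behind `res_item_addr`; adding a `size_t res_cap` parameter would let the enclave bound its writes. `[out,size=16]size_t* res_len` assumes the caller passes two `size_t` values though only `res_len[0]` appears to be used; either `[out, count=1]` or a comment stating the two-element contract would make that explicit.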
@@ -0,0 +1,234 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX da) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/da.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) 
+ set(OUTPUT penglai-ELF) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + 
foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库 + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories( + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + 
${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${SSL_PATH}/include #openssl静态库 + ${CURRENT_ROOT_PATH}/include + ) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ${CURRENT_ROOT_PATH}/include + ) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive + -Wl,--start-group + -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl + -lsgx_tcrypto -lsgx_pthread + -l${Crypto_Library_Name} -l${Service_Library_Name} + -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + 
list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.config.xml b/wallfacer2.0/secgear_da/enclave/Enclave.config.xml new file mode 100644 index 00000000..eec08410 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x400000 + 0x1000000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.lds b/wallfacer2.0/secgear_da/enclave/Enclave.lds new file mode 100644 index 00000000..ab77e647 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + 
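Review bot: The hardening flags in `COMMON_C_FLAGS` (`-fstack-protector`, `-Werror`, and `-fvisibility=hidden` in the SGX branch) are placed in `CMAKE_C_FLAGS`, but the only source is `da.cpp`, which is compiled as C++ and never sees `CMAKE_C_FLAGS`, so the enclave is built without them; set `CMAKE_CXX_FLAGS` as well, or better attach them with `target_compile_options(${PREFIX} PRIVATE ...)`. In the SGX `POST_BUILD` step `COMMAND umask 0177` is its own command, so with the Makefile generator it runs in a separate shell and `openssl genrsa -3 -out ${PEM} 3072` writes the private key under the default umask; fold them into one command, `COMMAND sh -c "umask 0177 && openssl genrsa -3 -out ${PEM} 3072"`, and add a comment that the key is regenerated on every build, so the enclave's signer identity is not stable across builds. `-lsgx_usgxssl` in the enclave's link line looks like the untrusted half of SGXSSL and is probably not meant to be linked into trusted code; please confirm. The Penglai branch writes its artefact to `${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}`; generated files belong in `${CMAKE_CURRENT_BINARY_DIR}`.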
diff --git a/wallfacer2.0/secgear_da/enclave/config_cloud.ini b/wallfacer2.0/secgear_da/enclave/config_cloud.ini new file mode 100644 index 00000000..8c70225e --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/config_cloud.ini @@ -0,0 +1,60 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA: +;[fixed value] +;256 ECDSA Alg +;2048/4096 RSA Alg +secSignKeyLen = 4096 +;;; +;[fixed value] +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; [fixed value] +;0 means padding type is pkcs1v15 +;1 means padding type is PSS +;[fixed value] +secPaddingType = 1 +;;; +;[fixed value] +;RSA alg +;ECDSA alg +;SM2 alg +secSignAlg = RSA +;;; +;public key for encrypt TA +secEncryptKey = rsa_public_key_cloud.pem +;;; +;public key length +secEncryptKeyLen = 3072 + +[signSecPublicCfg] +;;; +;[fixed value] +; sec sign key type +;0 means debug +;1 means release +secReleaseType = 1 +;;; +;0 means TA not installed by OTRP +;1 means TA installed by OTRP +secOtrpFlag = 0 +;;; +;0 means not sign +;1 means signed by local private +;2 means signed using native sign tool; +;3 means signed by CI +;[fixed value] +secSignType = 1 +;;; +;server address for signing TA +secSignServerIp = +;;; +;private key for signing TA +;[private key owned by yourself] +secSignKey = /home/TA_cert/private_key.pem +;;; +;config file +;[signed config file by Huawei] +configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer2.0/secgear_da/enclave/da.cpp b/wallfacer2.0/secgear_da/enclave/da.cpp new file mode 100644 index 00000000..13cdbf85 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/da.cpp 
@@ -0,0 +1,261 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "tpch.h" + +#include "da_t.h" +using namespace std; + +#define TA_HELLO_WORLD "secgear hello world!" +#define BUF_MAX 32 + +const uint8_t userkey[16] = { // AES密钥生成参数 + '1', '2', '3', '4', + '5', '6', '7', '8', + '9', '0', '1', '2', + '3', '4', '5', '6' +}; +// 分组加密 +uint8_t aes_in[16] = {0}, aes_out[16] = {0}; + +// 加解密秘钥 +AES_KEY encrypt_key, decrypt_key; + +// 相关数据结构定义 +CustomerItem* customer_items; // 数据指针 +size_t customer_items_size = 0; +CustomerBucket customer_bucket; // 缓存桶 +AccessCounter ac_counter; // 访问频次计数器 + + +int get_string(char *buf) +{ + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; +} + + +// 加密 +void AES_Encrypt(KEY &Key) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值 + AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + memcpy(aes_in, value+i, 16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密 + memcpy(value+i, aes_out, 16); // 拷贝回去 + } +} +// 解密 +void AES_Decrypt(KEY Key, uint8_t *buf) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; + AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + 
memcpy(aes_in, value+i,16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密 + memcpy(buf+i, aes_out, 16); // 拷贝到buf + } +} +// char* 转string +string toString(char* arr) +{ + string str = string(arr); + return str; +} + +/** +* 初始化函数 +* @param customer_items_addr customer表在不可信内存中的地址 +* @param item_num customer表的大小 +*/ +int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size) +{ + + customer_items = (CustomerItem*)customer_items_addr; + customer_items_size = cust_size; + return 0; +} + +/** +* 从表中搜索数据 +* @param FieldIndex 查找字段 +* @param item 查找条件 +* @param res_item 结果集合 +* @param res_len 返回结果长度 +*/ +int SearchFromTable(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + Variant var_tar, var_src; + int type_id; + switch(FieldIndex) { + case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; + case C_NAME_COUNTER: var_tar = toString(item->Name); break; + case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; + case C_NATION_COUNTER: var_tar = item->Nation; break; + case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; + case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; + case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; + default: break; + + } + type_id = var_tar.index(); + // 查找 + for (size_t i = 0;i < customer_items_size;i++) { + switch (FieldIndex) { + case C_CUSTKEY_COUNTER: var_src = customer_items[i].CustomerKey; break; + case C_NAME_COUNTER: var_src = customer_items[i].Name; break; + case C_ADDRESS_COUNTER: var_src = customer_items[i].Address; break; + case C_NATION_COUNTER: var_src = customer_items[i].Nation; break; + case C_PHONE_COUNTER: var_src = customer_items[i].Phone; break; + case C_ACCTBAL_COUNTER: var_src = customer_items[i].Acctbal; break; + case C_COMMENT_COUNTER: var_src = customer_items[i].Comment; break; + default: break; + } + if (var_src == var_tar) { + print(1); + memcpy(&res_item[res_len[0]++], &customer_items[i], 
sizeof(CustomerItem)); + } + } + return 0; +} + + +/** +* 从桶中搜索数据 +* @param FieldIndex 查找字段 +* @param item 查找条件 +* @param res_item 结果集合 +* @param res_len 返回结果长度 +*/ +int SearchFromBucket(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + Variant var_tar, var_src; // 比较变量 + int type_id; // 数据类型 + + switch(FieldIndex) { + case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; + case C_NAME_COUNTER: var_tar = toString(item->Name); break; + case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; + case C_NATION_COUNTER: var_tar = item->Nation; break; + case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; + case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; + case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; + default: break; + } + type_id = var_tar.index(); + + // 先在桶里找 + for (BucketItem::iterator it = customer_bucket[FieldIndex].begin();it != customer_bucket[FieldIndex].end(); it++) { + var_src = it->first; + // 如果相等 + if (var_tar == var_src) { + print(12580); + res_len[0] = it->second.size(); + for (int i = 0;i < it->second.size();i++) { + memcpy(&res_item[it->second[i]], &customer_items[it->second[i]], sizeof(CustomerItem)); + } + + } + } + // 找不到再去表里搜 + if (res_len[0] == 0) { + SearchFromTable(FieldIndex, item, res_item, res_len); + } + + return 0; +} + + +/** +* 根据计数器调整桶 +* +*/ +void AdjustBucket() +{ + string str; + // 开始往桶里面丢,桶的个数与字段个数相同,桶里面应该记录<字段值,[主码索引]> + for (size_t i = 0;i <= C_COMMENT_COUNTER;i++) { + // 如果该字段计数器中有内容,就开始构建桶 + if (ac_counter[i].size() != 0) { + for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + if (it->second > 0) { + int index = it->first; + switch (i) { + case C_CUSTKEY_COUNTER: customer_bucket[i][customer_items[index].CustomerKey].push_back(it->first); break; // bucketitem + case C_NAME_COUNTER: customer_bucket[i][customer_items[index].Name].push_back(it->first); break; // bucketitem + case C_ADDRESS_COUNTER: 
customer_bucket[i][customer_items[index].Address].push_back(it->first); break; // bucketitem + case C_NATION_COUNTER: customer_bucket[i][customer_items[index].Nation].push_back(it->first); break; // bucketitem + case C_PHONE_COUNTER: customer_bucket[i][customer_items[index].Phone].push_back(it->first); break; // bucketitem + case C_ACCTBAL_COUNTER: customer_bucket[i][customer_items[index].Acctbal].push_back(it->first); break; // bucketitem + case C_MKTSEGMENT_COUNTER: customer_bucket[i][customer_items[index].Mktsegment].push_back(it->first); break; // bucketitem + case C_COMMENT_COUNTER: customer_bucket[i][customer_items[index].Comment].push_back(it->first); break; // bucketitem + default: break; + } + } + } + } + } +} + +/** +* 查询函数 +* @param FieldList 要查询的字段名称(字段编号) +* @param field_len 要查询的字段个数 +* @param item_addr 查询关键字的地址 +* @param res_item_addr 返回结果集的地址 +* @param res_len 返回结果集合的大小 +*/ +int GetData(int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr, size_t* res_len) +{ + // 获取查询条件指针 + CustomerItem* item = (CustomerItem*)item_addr; + + // 获取返回结果指针 + CustomerItem* res_item = (CustomerItem*)res_item_addr; + + // 开始查询 + SearchFromBucket(FieldIndex[0], item, res_item, res_len); + + // 根据查找结果更新计数器的值 + for (size_t counter_i = 0;counter_i < field_len;counter_i++) { + for (size_t i = 0;i < res_len[0];i++) { + ac_counter[FieldIndex[counter_i]][res_item->CustomerKey]++; + } + } + + // 根据计数器内容调整桶 + AdjustBucket(); + + return 0; +} + diff --git a/wallfacer2.0/secgear_da/enclave/manifest.txt b/wallfacer2.0/secgear_da/enclave/manifest.txt new file mode 100644 index 00000000..d78354e6 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 +gpd.ta.service_name: rsa-demo +gpd.ta.singleInstance: true +gpd.ta.multiSession: false +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 819200 +gpd.ta.stackSize: 40960 
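Review bot: `SearchFromTable` appends every match with `memcpy(&res_item[res_len[0]++], ...)` and `SearchFromBucket` writes at `res_item[it->second[i]]`, i.e. at the table index rather than the next result slot, and neither knows the capacity of the host result buffer, so a query with more matches than the host allocated (or a single bucket hit whose table index exceeds that capacity) overruns it; pass the capacity into `GetData`, guard each write with `if (res_len[0] >= cap) break;`, and store bucket hits sequentially as `res_item[res_len[0]++]`. `InitCustomerItem` and `GetData` use `customer_items_addr`, `item_addr` and `res_item_addr` as given, so the enclave should reject ranges that overlap its own memory (`sgx_is_outside_enclave(ptr, n * sizeof(CustomerItem))`, checking the multiplication for overflow first). `C_ACCTBAL_COUNTER` compares `toString(item->Mktsegment)` against `customer_items[i].Acctbal` in both search functions, which looks like a copy-paste slip. `AES_Encrypt`/`AES_Decrypt` use a key spelled out in the source and ECB mode, and appear unused in this file; if they stay, the key must come from sealing or provisioning and the mode should be an authenticated one. `print(1)` and `print(12580)` are ocalls issued per match that tell the host how many rows matched and which lookup path ran; keep them out of non-debug builds.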
diff --git a/wallfacer2.0/secgear_da/host/CMakeLists.txt b/wallfacer2.0/secgear_da/host/CMakeLists.txt
new file mode 100644
index 00000000..299a1df7
--- /dev/null
+++ b/wallfacer2.0/secgear_da/host/CMakeLists.txt
@@ -0,0 +1,130 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX da) +#set host exec name +set(OUTPUT secgear_da) +#set host src code +set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) + +#set auto code +if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} + --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + --search-path ${SDK_PATH}/include + --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") +set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + +if(CC_GP) + 
if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR} + ${CURRENT_ROOT_PATH}/include/) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE + ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ${CURRENT_ROOT_PATH}/include/ + ) + endif() +endif() + +if(CC_PL) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/penglai + ${CMAKE_CURRENT_BINARY_DIR} + ) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库 +else() + target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl) +endif() +set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + +if(CC_GP) + #itrustee install whitelist /vender/bin/teec_hello + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + 
GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_PL) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() diff --git a/wallfacer2.0/secgear_da/host/main.cpp b/wallfacer2.0/secgear_da/host/main.cpp new file mode 100644 index 00000000..08f512e5 --- /dev/null +++ b/wallfacer2.0/secgear_da/host/main.cpp 
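Review bot: `target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl)` (and its `else()` twin) uses the keyword-less signature and links `pthread` by name; write `target_link_libraries(${OUTPUT} PRIVATE secgearsim Threads::Threads sgx_usgxssl)` after a `find_package(Threads REQUIRED)`. `-fPIE` is added to `CMAKE_C_FLAGS`, but the only source is `main.cpp`, compiled as C++, so the flag is never applied and the executable is not built position-independent as intended; `set_target_properties(${OUTPUT} PROPERTIES POSITION_INDEPENDENT_CODE ON)` covers both languages, and `CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s"` only duplicates the base flags. The `sgx_usgxssl` dependency sits outside the `CC_SGX` branch, so the CC_GP and CC_PL builds also try to link it; guard it with `if(CC_SGX)`.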
@@ -0,0 +1,205 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include +#include + +#include "enclave.h" +#include "da_u.h" +#include "common.h" +#include "tpch.h" + +#include +using namespace std; + +// #define RSA_PUBLIC_KEY_FILE "pubkey.pem" +clock_t start, stop; // 时间参数 +unsigned long long begin2, end2, total = 0; // CPU时钟周期数 +unsigned long long begin1, end1, total1 = 0; // CPU时钟周期数 +cc_enclave_t global_eid = {}; // 全局enclave_id +cc_enclave_result_t res = CC_FAIL; // enclave状态结果 +uint8_t buf[VALUE_SIZE] = {0}; // 无符号缓冲区 +char temp[VALUE_SIZE + 1]; // 字符串缓冲区 +int retval = 0; // ecall函数返回值 + +// 数据加密后存储在非安全区中,首地址传入TEE中,无需ocall直接访问 +CustomerItem *customer_items = new CustomerItem[MAX_ITEM_NUM + 1]; + +// 测量CPU时钟周期数 +static __inline__ unsigned long long rdtsc(void) +{ + unsigned hi, lo; + __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); + return ( (unsigned long long)lo)|( ((unsigned long long)hi)<<32 ); +} + +// 创建enclave +int CreateEnclave() +{ + int retval = 0; + const char *path = PATH; + + + char real_p[PATH_MAX]; + /* check file exists, if not exist then use absolute path */ + if (realpath(path, real_p) == NULL) { + if (getcwd(real_p, sizeof(real_p)) == NULL) { + printf("Cannot find enclave.sign.so"); + return res; + } + if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { + printf("Failed to strcat enclave.sign.so path"); + return res; + } + (void)strcat(real_p, "/enclave.signed.so"); + } + // 创建飞地 
+ res = cc_enclave_create( + real_p, + AUTO_ENCLAVE_TYPE, + 0, + SECGEAR_DEBUG_FLAG, + NULL, + 0, + &global_eid); + return res; +} +// 销毁enclave +void DestoryEnclave() +{ + int retval = 0; + res = cc_enclave_destroy(&global_eid); + if(res != CC_SUCCESS) { + printf("host destroy enclave error\n"); + } else { + printf("host destroy enclave success\n"); + } +} + +// 打印查询结果 +void print_res(CustomerItem *res_item, size_t res_len) +{ + for (size_t i = 0;i < res_len;i++) { + cout << "=========================================\n"; + cout << i + 1 << ":" << endl; + cout << "Key: " << res_item[i].CustomerKey << endl; + cout << "Name: "<< res_item[i].Name << endl; + cout << "Address: " << res_item[i].Address << endl; + cout << "Nation: " << res_item[i].Nation << endl; + cout << "Phone: " << res_item[i].Phone << endl; + cout << "MktSegment: " << res_item[i].Mktsegment << endl; + cout << "Comment: " << res_item[i].Comment << endl; + } +} + +// 生成数据 +void generate_data() +{ + // 生成测试数据 + for (int i = 0;i <= MAX_ITEM_NUM;i++) { + string temp = "hello"; + temp += to_string(rand()%10); + customer_items[i].CustomerKey = i; + customer_items[i].Nation = rand()%10 + 1; + memcpy(customer_items[i].Comment, temp.c_str(), temp.length()); + memcpy(customer_items[i].Name, temp.c_str(), temp.length()); + memcpy(customer_items[i].Address, temp.c_str(), temp.length()); + memcpy(customer_items[i].Phone, temp.c_str(), temp.length()); + memcpy(customer_items[i].Acctbal, temp.c_str(), temp.length()); + memcpy(customer_items[i].Mktsegment, temp.c_str(), temp.length()); + } +} + +// 查询数据 +void get_data(int32_t* FieldList, size_t field_len, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + res = GetData(&global_eid, + &retval, + FieldList, // 字段 + field_len, // 查询条件字段个数 + (uint64_t)item, // 查询条件 + (uint64_t)res_item, // 查询结果返回 + res_len // 查询结果个数 + ); + + if (res != CC_SUCCESS || retval != 0) { + cout << "Search failed\n"; + } else { + cout << "Search success\n"; + print_res(res_item, 
res_len[0]); + } + memset(res_len, 0, sizeof(size_t)); + +} + +// 打印测试函数(ocall-function) +void print(uint64_t c) { + std::cout << c << std::endl; +} + + +int main() +{ + // 生成数据 + generate_data(); + // 创建飞地 + if (CreateEnclave() != 0) { + std::cout << "Create enclave failed\n"; + return -1; + } + // 初始化数据 + res = InitCustomerItem(&global_eid, + &retval, + (uint64_t)customer_items, + MAX_ITEM_NUM); + if (res != CC_SUCCESS || retval != 0) { + cout << "Initiation failed\n"; + return res; + } else { + cout << "Init success\n"; + } + // 设置查询条件(测试用例) + CustomerItem* item = new CustomerItem(); // 暂存查询条件 + int32_t FieldList[32] = {0}; // 查询字段列表 + FieldList[0] = 3; // 查询字段名称 + size_t res_len[2] = {0}; // 返回结果长度 + size_t field_len = 1; // 查询字段个数 + + item->CustomerKey = 101; + memcpy(item->Name, "C_NAME", 6); + memcpy(item->Address, "hello3", 6); + item->Nation = 4; + + // 返回结果集合 + CustomerItem* res_item = new CustomerItem[MAX_BUF_SIZE]; + // 查询数据 + begin1 = rdtsc(); + get_data(FieldList, field_len, item, res_item, res_len); + end1 = rdtsc(); + + // 再次执行查询任务 + begin2 = rdtsc(); + get_data(FieldList, field_len, item, res_item, res_len); + end2 = rdtsc(); + + + cout << "第一次查询CPU cycles (get data from table): " << end1 - begin1 << endl; + cout << "第二次查询CPU cycles (get data from bucket): " << end2 - begin2 << endl; + // 销毁飞地 + DestoryEnclave(); + + + return res; +} diff --git a/wallfacer2.0/secgear_da/host/test.cpp b/wallfacer2.0/secgear_da/host/test.cpp new file mode 100644 index 00000000..3c013033 --- /dev/null +++ b/wallfacer2.0/secgear_da/host/test.cpp 
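Review bot: `generate_data` fills `Name`, `Address`, `Phone`, `Acctbal`, `Mktsegment` and `Comment` with `memcpy(..., temp.length())` and `main` does the same with `memcpy(item->Name, "C_NAME", 6)`, neither of which writes a terminator, while `customer_items` comes from `new CustomerItem[MAX_ITEM_NUM + 1]` without `()` and so is not zero-initialised if those members are plain char arrays; the enclave's `toString` and the host's `print_res` then read each field as a C string and can run past it. Value-initialise the array (`new CustomerItem[MAX_ITEM_NUM + 1]()`) and copy with a bounded, terminating call such as `snprintf(customer_items[i].Name, sizeof(customer_items[i].Name), "%s", temp.c_str())`; the field types are defined in tpch.h, which is outside this view, so confirm they are fixed-size arrays. `CreateEnclave` passes `SECGEAR_DEBUG_FLAG` and, when `PATH` does not resolve, falls back to `<cwd>/enclave.signed.so`; a comment should mark this as test-only, since a debug-mode enclave offers no confidentiality and loading from the working directory trusts whatever file is there. The unused `int retval = 0;` locals in `CreateEnclave` and `DestoryEnclave` shadow the global `retval` and should be removed.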
@@ -0,0 +1,133 @@ +#include "tpch.h" +#include +#include +#define MAX_ITEM_NUM 1000000 +using namespace std; + +static __inline__ unsigned long long rdtsc(void) +{ + unsigned hi, lo; + __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); + return ( (unsigned long long)lo)|( ((unsigned long long)hi)<< 32 ); +} + +int main() +{ + unsigned long long int begin, stop,total=0; + CustomerItem *items = new CustomerItem[MAX_ITEM_NUM + 1]; // ???????????????????????TEE????TEE????ocall?????? + CustomerBucket cust_bucket; // ????? + clock_t start, end; + double during = 0; + Variant var; + for (int i = 1;i <= MAX_ITEM_NUM;i++) { + items[i].CustomerKey = i; + items[i].Comment = "hello" + to_string(i); + items[i].Name = "hello" + to_string(i); + items[i].Address = "hello" + to_string(i); + items[i].Phone = "hello" + to_string(i); + items[i].Acctbal = "hello" + to_string(i); + items[i].Mktsegment = "hello" + to_string(i); + + } + // ????????? + items[1].Comment = "hello"; + items[10].Comment = "hello"; + for (int i = 500000;i <= 600000;i++) { + items[i].Comment == "hello"; + } + + Variant var1 = "hello"; + CustomerItem item = items[10]; + + // ???????????????? ?????????????????? + AccessCounter ac_counter; + // ??????????? + ac_counter[C_COMMENT_COUNTER][item.CustomerKey]++; // ?????????? + ac_counter[C_CUSTKEY_COUNTER][item.CustomerKey]++; + ac_counter[C_COMMENT_COUNTER][1] = 10; + // ??????????????????????? + + for (size_t i = 0;i < ac_counter.size(); i++) { + cout << "Field: " << FieldNameList[i] << endl; + if (ac_counter.size() != 0) { + for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + cout << "primary key = " << it->first << " " << "counter = " << it->second << "; "; + } + cout << "\n==============\n"; + } + } + + // ????????????????????????????????????????? + for (size_t i = 0; i <= C_COMMENT_COUNTER; i++) { + if (ac_counter[i].size()) { // ???????????????????? 
+ for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + if (it->second != 0) { // ??????????????1 + int index = it->first; + switch (i) + { + case C_CUSTKEY_COUNTER: cust_bucket[i][items[index].CustomerKey].push_back(it->first); break; // bucketitem + case C_NAME_COUNTER: cust_bucket[i][items[index].Name].push_back(it->first); break; // bucketitem + case C_ADDRESS_COUNTER: cust_bucket[i][items[index].Address].push_back(it->first); break; // bucketitem + case C_NATION_COUNTER: cust_bucket[i][items[index].Nation].push_back(it->first); break; // bucketitem + case C_PHONE_COUNTER: cust_bucket[i][items[index].Phone].push_back(it->first); break; // bucketitem + case C_ACCTBAL_COUNTER: cust_bucket[i][items[index].Acctbal].push_back(it->first); break; // bucketitem + case C_MKTSEGMENT_COUNTER: cust_bucket[i][items[index].Mktsegment].push_back(it->first); break; // bucketitem + case C_COMMENT_COUNTER: cust_bucket[i][items[index].Comment].push_back(it->first); break; // bucketitem + default: break; + } + + } + } + } + } + start = clock(); + // ??bucket???? 
+ begin = rdtsc(); + for (BucketItem::iterator it = cust_bucket[C_COMMENT_COUNTER].begin();it != cust_bucket[C_COMMENT_COUNTER].end(); it++) { + var = it->first; + int type_id = var.index(); + /* + switch (type_id) + { + case 0: int32_t va = std::get<0>(var); + case 1: string va = std::get<1>(var); + case 2: double va = std::get<2>(var) + default: break; + } + */ + // string str = std::get<1>(var); + if (var == var1) { + // cout << it->second.size() << endl; + cout << it->second.size() << " "; + for (auto ii: it->second) { + // cout << ii << " "; + } + } + } + stop = rdtsc(); + end = clock(); + during = (double)(end - start) / CLOCKS_PER_SEC; + cout << "???: " << during << endl; + cout << "CPU?????????: "<< stop - begin << endl; + + + start = clock(); + begin = rdtsc(); + vector res; + for (int i = 1;i <= MAX_ITEM_NUM;i++) { + var = items[i].Comment; + if (var == var1) { + // cout << items[i].CustomerKey << " "; + res.push_back(items[i].CustomerKey); + } + + } + cout << res.size() << " "; + stop = rdtsc(); + end = clock(); + during = (double)(end - start) / CLOCKS_PER_SEC; + cout << "???: " << during << endl; + cout << "CPU?????????" << stop - begin << endl; + + return 0; +} \ No newline at end of file diff --git a/wallfacer2.0/secgear_da/include/common.h b/wallfacer2.0/secgear_da/include/common.h new file mode 100644 index 00000000..ea54200f --- /dev/null +++ b/wallfacer2.0/secgear_da/include/common.h @@ -0,0 +1,31 @@ +#ifndef COMMON_H +#define COMMON_H + +#define VALUE_SIZE 128 +#define TEST_ITEM_SIZE 100 +using namespace std; + +// 键(存储在TEE中) +typedef struct KEY { + int key_val; // 键 + uint8_t *val_ptr; // 指针 + size_t val_size; // value长度 + size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC) +} KEY; + +// 值(加密存储在REE中) +typedef struct VALUE { + uint8_t *value; + size_t val_len; +} VALUE; + +// 键值对数据 +typedef struct KV { + int32_t key_val; + uint8_t value[VALUE_SIZE]; + size_t value_len; +} KV; + + + +#endif \ No newline at end of file 
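Review bot: The loop `for (int i = 500000;i <= 600000;i++) { items[i].Comment == "hello"; }` compares instead of assigns, so the 100k items meant to share the comment "hello" are never set and the bucket-versus-scan timing below measures a single match; it should read `items[i].Comment = "hello";`. The file also redefines `MAX_ITEM_NUM` as 1000000 after including tpch.h, which in this same patch defines it as 10000 — a macro-redefinition warning and a mismatch with `MAX_BUF_SIZE`; give the test its own constant (e.g. `TEST_ITEM_NUM`) instead. Note too that `items[i].Comment = "hello" + to_string(i)` assigns a std::string to a field that tpch.h declares as `char Comment[BUF_SIZE_128 + 1]`, so this file presumably targets an older header and would not compile against the one added here — worth confirming before it is wired into the build.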
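Review bot: `KEY.val_ptr`/`val_size` describe a buffer that, per the struct comments, lives encrypted in untrusted REE memory while the KEY itself stays in the TEE, yet nothing in the header records that the pointer and length are host-controlled; enclave code that dereferences them must first check that `[val_ptr, val_ptr + val_size)` lies entirely outside enclave memory and that the addition does not wrap, otherwise a malicious host can point the enclave at its own memory. I would add above `val_ptr`: `// Untrusted: points into REE memory; validate range (outside enclave, no overflow) before every access`. The `hash_value` comment already suggests swapping in an HMAC — worth stating the condition: an unkeyed digest is sufficient only while the KEY (and thus the digest) never leaves enclave memory, so if keys are ever sealed or exported the digest needs a key. Smaller points: no `#include <cstdint>`/`<cstddef>` is visible for `uint8_t`/`int32_t`/`size_t` (include targets elsewhere in this diff were stripped in rendering, so this may be an artifact), and `using namespace std;` in a header leaks into every including translation unit.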
diff --git a/wallfacer2.0/secgear_da/include/tpch.h b/wallfacer2.0/secgear_da/include/tpch.h new file mode 100644 index 00000000..efa59800 --- /dev/null +++ b/wallfacer2.0/secgear_da/include/tpch.h 
@@ -0,0 +1,105 @@ +#ifndef TPCH_H +#define TPCH_H + +#include +#include +#include +#include +#include + +/* +定义长度 +*/ +#define MAX_ITEM_NUM 10000 +#define BUF_SIZE_16 16 +#define BUF_SIZE_32 32 +#define BUF_SIZE_64 64 +#define BUF_SIZE_128 128 +#define MAX_BUF_SIZE 10001 + + +using namespace std; +/* +* Customer表字段名称 +*/ +#define C_CUSTKEY_FIELD "C_CUSTKEY" +#define C_NAME_FIELD "C_NAME" +#define C_ADDRESS_FIELD "C_ADDRESS" +#define C_NATION_FIELD "C_NATION" +#define C_PHONE_FIELD "C_PHONE" +#define C_ACCTBAL_FIELD "C_ACCTBAL" +#define C_MKTSEGMENT_FIELD "C_MKTSEGMENT" +#define C_COMMENT_FIELD "C_COMMENT" + +/* +* 使用列主序存储,在相应的列查到数据之后可以通过下标索引获取其他字段数据 +*/ +enum CustomerDesc { + C_NAME = 0, + C_ADDRESS, + C_PHONE, + C_ACCTBAL, + C_MKTSEGMENT, + C_COMMENT +}; +typedef array String_32; + +/* +* 按照字段名称为计数器构建下标索引 +*/ +enum CustomerCounterIndex { + C_CUSTKEY_COUNTER = 0, + C_NAME_COUNTER, + C_ADDRESS_COUNTER, + C_NATION_COUNTER, + C_PHONE_COUNTER, + C_ACCTBAL_COUNTER, + C_MKTSEGMENT_COUNTER, + C_COMMENT_COUNTER +}; + +// 字段名称集合 +std::array FieldNameList = {"C_CUSTKEY", "C_NAME", "C_ADDRESS", "C_NATION", "C_PHONE", "C_ACCTBAL","C_MKTSEGMENT", "C_COMMENT"}; +/* +* 数据条目 +*/ +typedef struct CustomerItem { + int32_t CustomerKey; + int32_t Nation; + char Name[BUF_SIZE_16 + 1]; + char Address[BUF_SIZE_128 + 1]; + char Phone[BUF_SIZE_16 + 1]; + char Acctbal[BUF_SIZE_128 + 1]; + char Mktsegment[BUF_SIZE_128 + 1]; + char Comment[BUF_SIZE_128 + 1]; +} CustomerItem; + +// 访问频次计数器 +typedef std::map Counter; +typedef std::array AccessCounter; + +// 自定义Variant类型,包括int(0), string(1), double(2)三种变量类型 +typedef std::variant Variant; + +// 缓存桶, 用来存储<字段名称, 主键> +typedef std::map > BucketItem; +typedef std::array CustomerBucket; + +////////////////////////////////////////////////////////////////////// +// 主码属性 +typedef struct Customer { + map > CustomerKey; +} Customer; + +// 非主属性 +typedef struct CustomerField { + map > Name; + map > Address; + map > Nation; + map > Phone; + map > Acctbal; + map 
> Mktsegment; + map > Comment; +} CustomerField; + +#endif \ No newline at end of file -- Gitee From e053b2ceb4730a4afd3295942a8ae8244d413c1b Mon Sep 17 00:00:00 2001 From: axel Date: Sun, 28 Apr 2024 02:05:30 +0000 Subject: [PATCH 3/5] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20wall?= =?UTF-8?q?facer2.0/secgear=5Fda?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wallfacer2.0/secgear_da/CMakeLists.txt | 44 --- wallfacer2.0/secgear_da/da.edl | 31 --- .../secgear_da/enclave/CMakeLists.txt | 234 ---------------- .../secgear_da/enclave/Enclave.config.xml | 12 - wallfacer2.0/secgear_da/enclave/Enclave.lds | 11 - .../secgear_da/enclave/config_cloud.ini | 60 ---- wallfacer2.0/secgear_da/enclave/da.cpp | 261 ------------------ wallfacer2.0/secgear_da/enclave/manifest.txt | 7 - wallfacer2.0/secgear_da/host/CMakeLists.txt | 130 --------- wallfacer2.0/secgear_da/host/main.cpp | 205 -------------- wallfacer2.0/secgear_da/host/test.cpp | 133 --------- wallfacer2.0/secgear_da/include/common.h | 31 --- wallfacer2.0/secgear_da/include/tpch.h | 105 ------- 13 files changed, 1264 deletions(-) delete mode 100644 wallfacer2.0/secgear_da/CMakeLists.txt delete mode 100644 wallfacer2.0/secgear_da/da.edl delete mode 100644 wallfacer2.0/secgear_da/enclave/CMakeLists.txt delete mode 100644 wallfacer2.0/secgear_da/enclave/Enclave.config.xml delete mode 100644 wallfacer2.0/secgear_da/enclave/Enclave.lds delete mode 100644 wallfacer2.0/secgear_da/enclave/config_cloud.ini delete mode 100644 wallfacer2.0/secgear_da/enclave/da.cpp delete mode 100644 wallfacer2.0/secgear_da/enclave/manifest.txt delete mode 100644 wallfacer2.0/secgear_da/host/CMakeLists.txt delete mode 100644 wallfacer2.0/secgear_da/host/main.cpp delete mode 100644 wallfacer2.0/secgear_da/host/test.cpp delete mode 100644 wallfacer2.0/secgear_da/include/common.h delete mode 100644 wallfacer2.0/secgear_da/include/tpch.h 
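Review bot: `std::array FieldNameList = {...}` is a non-inline, non-const definition at namespace scope in a header, so including tpch.h from more than one translation unit fails to link with a duplicate-symbol error; since the project sets C++17, declare it `inline const std::array<...> FieldNameList = {...}` (keeping whatever element type the stripped template arguments named). Separately, `CustomerItem` is the record the host hands to the enclave by raw address (`(uint64_t)item` in the main.cpp hunk above), and its `char` fields carry no documented termination contract, so any enclave-side code that builds a std::string from `Name`/`Address`/`Comment` will read past the field if the untrusted copy lacks a NUL. I would document that at the struct: `// Fixed-width fields copied from untrusted memory; NUL termination is NOT guaranteed — bound reads by sizeof(field)`, and have readers use `strnlen(field, sizeof(field))`. `using namespace std;` in a shared header is also best dropped.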
diff --git a/wallfacer2.0/secgear_da/CMakeLists.txt b/wallfacer2.0/secgear_da/CMakeLists.txt deleted file mode 100644 index c731a8c9..00000000 --- a/wallfacer2.0/secgear_da/CMakeLists.txt +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# secGear is licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -# PURPOSE. -# See the Mulan PSL v2 for more details. - -project(HelloWorld CXX) - -# set(CMAKE_C_STANDARD 99) -set(CMAKE_CXX_STANDARD 17) - - -set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) - -#set edl name -set(EDL_FILE da.edl) -set(CODEGEN codegen) - -if(CC_GP) - set(CODETYPE trustzone) - set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0) - add_definitions(-DPATH="/data/${UUID}.sec") -endif() - -if (NOT DEFINED SSL_PATH) - set(SSL_PATH /opt/intel/sgxssl) -endif() - -if(CC_SGX) - set(CODETYPE sgx) - add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") -endif() - -if(CC_PL) - set(CODETYPE penglai) - add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF") -endif() - -add_subdirectory(${CURRENT_ROOT_PATH}/enclave) -add_subdirectory(${CURRENT_ROOT_PATH}/host) diff --git a/wallfacer2.0/secgear_da/da.edl b/wallfacer2.0/secgear_da/da.edl deleted file mode 100644 index 5d5470ec..00000000 --- a/wallfacer2.0/secgear_da/da.edl +++ /dev/null 
@@ -1,31 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -enclave { - include "secgear_urts.h" - from "secgear_tstdc.edl" import *; - from "secgear_tssl.edl" import *; - from "secgear_pthread.edl" import*; - trusted { - public int get_string([out, size=32]char *buf); - - // 初始化数据表 - public int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size); - - // 查询数据 - public int GetData([in, size=32]int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr,[out,size=16]size_t* res_len); - - }; - untrusted { - void print(uint64_t c); - }; -}; diff --git a/wallfacer2.0/secgear_da/enclave/CMakeLists.txt b/wallfacer2.0/secgear_da/enclave/CMakeLists.txt deleted file mode 100644 index d5749bd6..00000000 --- a/wallfacer2.0/secgear_da/enclave/CMakeLists.txt +++ /dev/null 
@@ -1,234 +0,0 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# secGear is licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -# PURPOSE. -# See the Mulan PSL v2 for more details. - -#set auto code prefix -set(PREFIX da) - -#set sign key -set(PEM Enclave_private.pem) - -#set sign tool -set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) - -#set enclave src code -set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/da.cpp) - -#set log level -set(PRINT_LEVEL 3) -add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) - -if(CC_GP) - #set signed output - set(OUTPUT ${UUID}.sec) - #set whilelist. default: /vendor/bin/teec_hello - set(WHITE_LIST_0 /vendor/bin/helloworld) - set(WHITE_LIST_OWNER root) - set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) - set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) - - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) -endif() - -if(CC_SGX) - set(OUTPUT enclave.signed.so) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include) -endif() - -if(CC_PL) 
- set(OUTPUT penglai-ELF) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) -endif() - -set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ - -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ - -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ - -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") - -set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") - -if(CC_GP) - - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") - - set(ITRUSTEE_TEEDIR ${SDK_PATH}/) - set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_BINARY_DIR}/lib/) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories( ${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${CMAKE_BINARY_DIR}/inc - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${LOCAL_ROOT_PATH}/inc/enclave_inc - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp - ${ITRUSTEE_TEEDIR}/include/TA - ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext - ${ITRUSTEE_LIBC}/arch/aarch64 - ${ITRUSTEE_LIBC}/ - ${ITRUSTEE_LIBC}/arch/arm/bits - ${ITRUSTEE_LIBC}/arch/generic - ${ITRUSTEE_LIBC}/arch/arm - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE - ${CMAKE_BINARY_DIR}/lib/) - endif() - - 
foreach(WHITE_LIST ${WHITELIST}) - add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") - endforeach(WHITE_LIST) - add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") - - target_link_libraries(${PREFIX} -lsecgear_tee) - - #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # - # add_custom_command(TARGET ${PREFIX} - # POST_BUILD - # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) - - # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} - # DESTINATION /data - # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - -endif() - -if(CC_SGX) - set(SGX_DIR ${SDK_PATH}) - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") - set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) - - set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库 - - if(CC_SIM) - set(Trts_Library_Name sgx_trts_sim) - set(Service_Library_Name sgx_tservice_sim) - else() - set(Trts_Library_Name sgx_trts) - set(Service_Library_Name sgx_tservice) - endif() - - set(Crypto_Library_Name sgx_tcrypto) - - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ - -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories( - ${LINK_LIBRARY_PATH} - ${OPENSSL_LIBRARY_PATH} - ) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories(${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${SGX_DIR}/include/tlibc - ${SGX_DIR}/include/libcxx - ${SGX_DIR}/include - 
${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx - ${SSL_PATH}/include #openssl静态库 - ${CURRENT_ROOT_PATH}/include - ) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE - ${LINK_LIBRARY_PATH} - ${OPENSSL_LIBRARY_PATH} - ${CURRENT_ROOT_PATH}/include - ) - endif() - - target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive - -Wl,--start-group - -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl - -lsgx_tcrypto -lsgx_pthread - -l${Crypto_Library_Name} -l${Service_Library_Name} - -Wl,--end-group) - add_custom_command(TARGET ${PREFIX} - POST_BUILD - COMMAND umask 0177 - COMMAND openssl genrsa -3 -out ${PEM} 3072 - COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) -endif() - -if(NOT DEFINED CC_PL) - set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) -endif() - -if(CC_PL) - set(SDK_LIB_DIR ${SDK_PATH}/lib) - set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) - set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) - set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) - set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) - set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) - set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) - - set(SOURCE_C_OBJS "") - foreach(SOURCE_FILE ${SOURCE_FILES}) - STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) - set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) - add_custom_command( - OUTPUT ${SOURCE_OBJ} - DEPENDS ${SOURCE_FILES} - COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc - -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc - -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} - COMMENT "generate SOURCE_OBJ" - ) - 
list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) - endforeach() - - set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) - add_custom_command( - OUTPUT ${APP_C_OBJ} - DEPENDS ${AUTO_FILES} - COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc - -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc - -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c - COMMENT "generate APP_C_OBJ" - ) - - add_custom_command( - OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} - COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc - -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} - ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds - COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - COMMENT "generate penglai-ELF" - ) - add_custom_target( - ${OUTPUT} ALL - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - COMMENT "makefile target penglai-ELF" - ) - -endif() diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.config.xml b/wallfacer2.0/secgear_da/enclave/Enclave.config.xml deleted file mode 100644 index eec08410..00000000 --- a/wallfacer2.0/secgear_da/enclave/Enclave.config.xml +++ /dev/null @@ -1,12 +0,0 @@ - - 0 - 0 - 0x400000 - 0x1000000 - 10 - 1 - - 0 - 0 - 0xFFFFFFFF - diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.lds b/wallfacer2.0/secgear_da/enclave/Enclave.lds deleted file mode 100644 index ab77e647..00000000 --- a/wallfacer2.0/secgear_da/enclave/Enclave.lds +++ /dev/null @@ -1,11 +0,0 @@ -enclave.so -{ - global: - g_global_data_sim; - g_global_data; - enclave_entry; - g_peak_heap_used; - local: - *; -}; - 
diff --git a/wallfacer2.0/secgear_da/enclave/config_cloud.ini b/wallfacer2.0/secgear_da/enclave/config_cloud.ini deleted file mode 100644 index 8c70225e..00000000 --- a/wallfacer2.0/secgear_da/enclave/config_cloud.ini +++ /dev/null @@ -1,60 +0,0 @@ -[signSecPrivateCfg] -;;; -;private key length for signing TA: -;[fixed value] -;256 ECDSA Alg -;2048/4096 RSA Alg -secSignKeyLen = 4096 -;;; -;[fixed value] -;0 means SHA256 hash type -;1 means SHA512 hash type -secHashType = 0 -;;; -; [fixed value] -;0 means padding type is pkcs1v15 -;1 means padding type is PSS -;[fixed value] -secPaddingType = 1 -;;; -;[fixed value] -;RSA alg -;ECDSA alg -;SM2 alg -secSignAlg = RSA -;;; -;public key for encrypt TA -secEncryptKey = rsa_public_key_cloud.pem -;;; -;public key length -secEncryptKeyLen = 3072 - -[signSecPublicCfg] -;;; -;[fixed value] -; sec sign key type -;0 means debug -;1 means release -secReleaseType = 1 -;;; -;0 means TA not installed by OTRP -;1 means TA installed by OTRP -secOtrpFlag = 0 -;;; -;0 means not sign -;1 means signed by local private -;2 means signed using native sign tool; -;3 means signed by CI -;[fixed value] -secSignType = 1 -;;; -;server address for signing TA -secSignServerIp = -;;; -;private key for signing TA -;[private key owned by yourself] -secSignKey = /home/TA_cert/private_key.pem -;;; -;config file -;[signed config file by Huawei] -configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer2.0/secgear_da/enclave/da.cpp b/wallfacer2.0/secgear_da/enclave/da.cpp deleted file mode 100644 index 13cdbf85..00000000 --- a/wallfacer2.0/secgear_da/enclave/da.cpp +++ /dev/null 
@@ -1,261 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include - -#include "common.h" -#include "tpch.h" - -#include "da_t.h" -using namespace std; - -#define TA_HELLO_WORLD "secgear hello world!" -#define BUF_MAX 32 - -const uint8_t userkey[16] = { // AES密钥生成参数 - '1', '2', '3', '4', - '5', '6', '7', '8', - '9', '0', '1', '2', - '3', '4', '5', '6' -}; -// 分组加密 -uint8_t aes_in[16] = {0}, aes_out[16] = {0}; - -// 加解密秘钥 -AES_KEY encrypt_key, decrypt_key; - -// 相关数据结构定义 -CustomerItem* customer_items; // 数据指针 -size_t customer_items_size = 0; -CustomerBucket customer_bucket; // 缓存桶 -AccessCounter ac_counter; // 访问频次计数器 - - -int get_string(char *buf) -{ - strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); - return 0; -} - - -// 加密 -void AES_Encrypt(KEY &Key) -{ - uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值 - AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥 - for (size_t i = 0;i < Key.val_size;i+=16) { - memcpy(aes_in, value+i, 16); // 取16字节 - AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密 - memcpy(value+i, aes_out, 16); // 拷贝回去 - } -} -// 解密 -void AES_Decrypt(KEY Key, uint8_t *buf) -{ - uint8_t *value = (uint8_t *)Key.val_ptr; - AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥 - for (size_t i = 0;i < Key.val_size;i+=16) { - 
memcpy(aes_in, value+i,16); // 取16字节 - AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密 - memcpy(buf+i, aes_out, 16); // 拷贝到buf - } -} -// char* 转string -string toString(char* arr) -{ - string str = string(arr); - return str; -} - -/** -* 初始化函数 -* @param customer_items_addr customer表在不可信内存中的地址 -* @param item_num customer表的大小 -*/ -int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size) -{ - - customer_items = (CustomerItem*)customer_items_addr; - customer_items_size = cust_size; - return 0; -} - -/** -* 从表中搜索数据 -* @param FieldIndex 查找字段 -* @param item 查找条件 -* @param res_item 结果集合 -* @param res_len 返回结果长度 -*/ -int SearchFromTable(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) -{ - Variant var_tar, var_src; - int type_id; - switch(FieldIndex) { - case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; - case C_NAME_COUNTER: var_tar = toString(item->Name); break; - case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; - case C_NATION_COUNTER: var_tar = item->Nation; break; - case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; - case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; - case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; - default: break; - - } - type_id = var_tar.index(); - // 查找 - for (size_t i = 0;i < customer_items_size;i++) { - switch (FieldIndex) { - case C_CUSTKEY_COUNTER: var_src = customer_items[i].CustomerKey; break; - case C_NAME_COUNTER: var_src = customer_items[i].Name; break; - case C_ADDRESS_COUNTER: var_src = customer_items[i].Address; break; - case C_NATION_COUNTER: var_src = customer_items[i].Nation; break; - case C_PHONE_COUNTER: var_src = customer_items[i].Phone; break; - case C_ACCTBAL_COUNTER: var_src = customer_items[i].Acctbal; break; - case C_COMMENT_COUNTER: var_src = customer_items[i].Comment; break; - default: break; - } - if (var_src == var_tar) { - print(1); - memcpy(&res_item[res_len[0]++], &customer_items[i], 
sizeof(CustomerItem)); - } - } - return 0; -} - - -/** -* 从桶中搜索数据 -* @param FieldIndex 查找字段 -* @param item 查找条件 -* @param res_item 结果集合 -* @param res_len 返回结果长度 -*/ -int SearchFromBucket(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) -{ - Variant var_tar, var_src; // 比较变量 - int type_id; // 数据类型 - - switch(FieldIndex) { - case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; - case C_NAME_COUNTER: var_tar = toString(item->Name); break; - case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; - case C_NATION_COUNTER: var_tar = item->Nation; break; - case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; - case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; - case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; - default: break; - } - type_id = var_tar.index(); - - // 先在桶里找 - for (BucketItem::iterator it = customer_bucket[FieldIndex].begin();it != customer_bucket[FieldIndex].end(); it++) { - var_src = it->first; - // 如果相等 - if (var_tar == var_src) { - print(12580); - res_len[0] = it->second.size(); - for (int i = 0;i < it->second.size();i++) { - memcpy(&res_item[it->second[i]], &customer_items[it->second[i]], sizeof(CustomerItem)); - } - - } - } - // 找不到再去表里搜 - if (res_len[0] == 0) { - SearchFromTable(FieldIndex, item, res_item, res_len); - } - - return 0; -} - - -/** -* 根据计数器调整桶 -* -*/ -void AdjustBucket() -{ - string str; - // 开始往桶里面丢,桶的个数与字段个数相同,桶里面应该记录<字段值,[主码索引]> - for (size_t i = 0;i <= C_COMMENT_COUNTER;i++) { - // 如果该字段计数器中有内容,就开始构建桶 - if (ac_counter[i].size() != 0) { - for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { - if (it->second > 0) { - int index = it->first; - switch (i) { - case C_CUSTKEY_COUNTER: customer_bucket[i][customer_items[index].CustomerKey].push_back(it->first); break; // bucketitem - case C_NAME_COUNTER: customer_bucket[i][customer_items[index].Name].push_back(it->first); break; // bucketitem - case C_ADDRESS_COUNTER: 
customer_bucket[i][customer_items[index].Address].push_back(it->first); break; // bucketitem - case C_NATION_COUNTER: customer_bucket[i][customer_items[index].Nation].push_back(it->first); break; // bucketitem - case C_PHONE_COUNTER: customer_bucket[i][customer_items[index].Phone].push_back(it->first); break; // bucketitem - case C_ACCTBAL_COUNTER: customer_bucket[i][customer_items[index].Acctbal].push_back(it->first); break; // bucketitem - case C_MKTSEGMENT_COUNTER: customer_bucket[i][customer_items[index].Mktsegment].push_back(it->first); break; // bucketitem - case C_COMMENT_COUNTER: customer_bucket[i][customer_items[index].Comment].push_back(it->first); break; // bucketitem - default: break; - } - } - } - } - } -} - -/** -* 查询函数 -* @param FieldList 要查询的字段名称(字段编号) -* @param field_len 要查询的字段个数 -* @param item_addr 查询关键字的地址 -* @param res_item_addr 返回结果集的地址 -* @param res_len 返回结果集合的大小 -*/ -int GetData(int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr, size_t* res_len) -{ - // 获取查询条件指针 - CustomerItem* item = (CustomerItem*)item_addr; - - // 获取返回结果指针 - CustomerItem* res_item = (CustomerItem*)res_item_addr; - - // 开始查询 - SearchFromBucket(FieldIndex[0], item, res_item, res_len); - - // 根据查找结果更新计数器的值 - for (size_t counter_i = 0;counter_i < field_len;counter_i++) { - for (size_t i = 0;i < res_len[0];i++) { - ac_counter[FieldIndex[counter_i]][res_item->CustomerKey]++; - } - } - - // 根据计数器内容调整桶 - AdjustBucket(); - - return 0; -} - diff --git a/wallfacer2.0/secgear_da/enclave/manifest.txt b/wallfacer2.0/secgear_da/enclave/manifest.txt deleted file mode 100644 index d78354e6..00000000 --- a/wallfacer2.0/secgear_da/enclave/manifest.txt +++ /dev/null @@ -1,7 +0,0 @@ -gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 -gpd.ta.service_name: rsa-demo -gpd.ta.singleInstance: true -gpd.ta.multiSession: false -gpd.ta.instanceKeepAlive: false -gpd.ta.dataSize: 819200 -gpd.ta.stackSize: 40960 
diff --git a/wallfacer2.0/secgear_da/host/CMakeLists.txt b/wallfacer2.0/secgear_da/host/CMakeLists.txt deleted file mode 100644 index 299a1df7..00000000 --- a/wallfacer2.0/secgear_da/host/CMakeLists.txt +++ /dev/null 
@@ -1,130 +0,0 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-# http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-#set auto code prefix
-set(PREFIX da)
-#set host exec name
-set(OUTPUT secgear_da)
-#set host src code
-set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
-
-#set auto code
-if(CC_GP)
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
- add_custom_command(OUTPUT ${AUTO_FILES}
- DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
- COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
-endif()
-
-if(CC_SGX)
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
- add_custom_command(OUTPUT ${AUTO_FILES}
- DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
- COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE}
- --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
- --search-path ${SDK_PATH}/include
- --search-path ${SSL_PATH}/include)
-endif()
-
-if(CC_PL)
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
- add_custom_command(OUTPUT ${AUTO_FILES}
- DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
- COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
-endif()
-
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
-set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
-
-if(CC_GP)
- if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
- endif()
- add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
- target_include_directories(${OUTPUT} PRIVATE
- ${CMAKE_BINARY_DIR}/inc
- ${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/inc/host_inc/gp
- ${CMAKE_CURRENT_BINARY_DIR})
- if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
- endif()
-endif()
-
-if(CC_SGX)
- if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
- ${SSL_PATH}/lib64
- )
- endif()
- add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
- target_include_directories(${OUTPUT} PRIVATE
- ${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
- ${CMAKE_CURRENT_BINARY_DIR}
- ${CURRENT_ROOT_PATH}/include/)
- if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${OUTPUT} PRIVATE
- ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
- ${SSL_PATH}/lib64
- ${CURRENT_ROOT_PATH}/include/
- )
- endif()
-endif()
-
-if(CC_PL)
- if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
- link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
- endif()
- add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
- target_include_directories(${OUTPUT} PRIVATE
- ${LOCAL_ROOT_PATH}/inc/host_inc
- ${LOCAL_ROOT_PATH}/inc/host_inc/penglai
- ${CMAKE_CURRENT_BINARY_DIR}
- )
- if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
- target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
- endif()
-endif()
-
-if(CC_SIM)
- target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库
-else()
- target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl)
-endif()
-set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
-
-if(CC_GP)
- #itrustee install whitelist /vender/bin/teec_hello
- install(TARGETS ${OUTPUT}
- RUNTIME
- DESTINATION /vendor/bin/
- PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ)
-endif()
-
-if(CC_SGX)
- install(TARGETS ${OUTPUT}
- RUNTIME
- DESTINATION ${CMAKE_BINARY_DIR}/bin/
- PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ)
-endif()
-
-if(CC_PL)
- install(TARGETS ${OUTPUT}
- RUNTIME
- DESTINATION ${CMAKE_BINARY_DIR}/bin/
- PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
- GROUP_EXECUTE GROUP_READ
- WORLD_EXECUTE WORLD_READ)
-endif()
diff --git a/wallfacer2.0/secgear_da/host/main.cpp b/wallfacer2.0/secgear_da/host/main.cpp
deleted file mode 100644
index 08f512e5..00000000
--- a/wallfacer2.0/secgear_da/host/main.cpp
+++ /dev/null
@@ -1,205 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -#include -#include -#include -#include -#include - -#include "enclave.h" -#include "da_u.h" -#include "common.h" -#include "tpch.h" - -#include -using namespace std; - -// #define RSA_PUBLIC_KEY_FILE "pubkey.pem" -clock_t start, stop; // 时间参数 -unsigned long long begin2, end2, total = 0; // CPU时钟周期数 -unsigned long long begin1, end1, total1 = 0; // CPU时钟周期数 -cc_enclave_t global_eid = {}; // 全局enclave_id -cc_enclave_result_t res = CC_FAIL; // enclave状态结果 -uint8_t buf[VALUE_SIZE] = {0}; // 无符号缓冲区 -char temp[VALUE_SIZE + 1]; // 字符串缓冲区 -int retval = 0; // ecall函数返回值 - -// 数据加密后存储在非安全区中,首地址传入TEE中,无需ocall直接访问 -CustomerItem *customer_items = new CustomerItem[MAX_ITEM_NUM + 1]; - -// 测量CPU时钟周期数 -static __inline__ unsigned long long rdtsc(void) -{ - unsigned hi, lo; - __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); - return ( (unsigned long long)lo)|( ((unsigned long long)hi)<<32 ); -} - -// 创建enclave -int CreateEnclave() -{ - int retval = 0; - const char *path = PATH; - - - char real_p[PATH_MAX]; - /* check file exists, if not exist then use absolute path */ - if (realpath(path, real_p) == NULL) { - if (getcwd(real_p, sizeof(real_p)) == NULL) { - printf("Cannot find enclave.sign.so"); - return res; - } - if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { - printf("Failed to strcat enclave.sign.so path"); - return res; - } - (void)strcat(real_p, "/enclave.signed.so"); - } - // 创建飞地 
- res = cc_enclave_create( - real_p, - AUTO_ENCLAVE_TYPE, - 0, - SECGEAR_DEBUG_FLAG, - NULL, - 0, - &global_eid); - return res; -} -// 销毁enclave -void DestoryEnclave() -{ - int retval = 0; - res = cc_enclave_destroy(&global_eid); - if(res != CC_SUCCESS) { - printf("host destroy enclave error\n"); - } else { - printf("host destroy enclave success\n"); - } -} - -// 打印查询结果 -void print_res(CustomerItem *res_item, size_t res_len) -{ - for (size_t i = 0;i < res_len;i++) { - cout << "=========================================\n"; - cout << i + 1 << ":" << endl; - cout << "Key: " << res_item[i].CustomerKey << endl; - cout << "Name: "<< res_item[i].Name << endl; - cout << "Address: " << res_item[i].Address << endl; - cout << "Nation: " << res_item[i].Nation << endl; - cout << "Phone: " << res_item[i].Phone << endl; - cout << "MktSegment: " << res_item[i].Mktsegment << endl; - cout << "Comment: " << res_item[i].Comment << endl; - } -} - -// 生成数据 -void generate_data() -{ - // 生成测试数据 - for (int i = 0;i <= MAX_ITEM_NUM;i++) { - string temp = "hello"; - temp += to_string(rand()%10); - customer_items[i].CustomerKey = i; - customer_items[i].Nation = rand()%10 + 1; - memcpy(customer_items[i].Comment, temp.c_str(), temp.length()); - memcpy(customer_items[i].Name, temp.c_str(), temp.length()); - memcpy(customer_items[i].Address, temp.c_str(), temp.length()); - memcpy(customer_items[i].Phone, temp.c_str(), temp.length()); - memcpy(customer_items[i].Acctbal, temp.c_str(), temp.length()); - memcpy(customer_items[i].Mktsegment, temp.c_str(), temp.length()); - } -} - -// 查询数据 -void get_data(int32_t* FieldList, size_t field_len, CustomerItem* item, CustomerItem* res_item, size_t* res_len) -{ - res = GetData(&global_eid, - &retval, - FieldList, // 字段 - field_len, // 查询条件字段个数 - (uint64_t)item, // 查询条件 - (uint64_t)res_item, // 查询结果返回 - res_len // 查询结果个数 - ); - - if (res != CC_SUCCESS || retval != 0) { - cout << "Search failed\n"; - } else { - cout << "Search success\n"; - print_res(res_item, 
res_len[0]); - } - memset(res_len, 0, sizeof(size_t)); - -} - -// 打印测试函数(ocall-function) -void print(uint64_t c) { - std::cout << c << std::endl; -} - - -int main() -{ - // 生成数据 - generate_data(); - // 创建飞地 - if (CreateEnclave() != 0) { - std::cout << "Create enclave failed\n"; - return -1; - } - // 初始化数据 - res = InitCustomerItem(&global_eid, - &retval, - (uint64_t)customer_items, - MAX_ITEM_NUM); - if (res != CC_SUCCESS || retval != 0) { - cout << "Initiation failed\n"; - return res; - } else { - cout << "Init success\n"; - } - // 设置查询条件(测试用例) - CustomerItem* item = new CustomerItem(); // 暂存查询条件 - int32_t FieldList[32] = {0}; // 查询字段列表 - FieldList[0] = 3; // 查询字段名称 - size_t res_len[2] = {0}; // 返回结果长度 - size_t field_len = 1; // 查询字段个数 - - item->CustomerKey = 101; - memcpy(item->Name, "C_NAME", 6); - memcpy(item->Address, "hello3", 6); - item->Nation = 4; - - // 返回结果集合 - CustomerItem* res_item = new CustomerItem[MAX_BUF_SIZE]; - // 查询数据 - begin1 = rdtsc(); - get_data(FieldList, field_len, item, res_item, res_len); - end1 = rdtsc(); - - // 再次执行查询任务 - begin2 = rdtsc(); - get_data(FieldList, field_len, item, res_item, res_len); - end2 = rdtsc(); - - - cout << "第一次查询CPU cycles (get data from table): " << end1 - begin1 << endl; - cout << "第二次查询CPU cycles (get data from bucket): " << end2 - begin2 << endl; - // 销毁飞地 - DestoryEnclave(); - - - return res; -} diff --git a/wallfacer2.0/secgear_da/host/test.cpp b/wallfacer2.0/secgear_da/host/test.cpp deleted file mode 100644 index 3c013033..00000000 --- a/wallfacer2.0/secgear_da/host/test.cpp +++ /dev/null 
@@ -1,133 +0,0 @@ -#include "tpch.h" -#include -#include -#define MAX_ITEM_NUM 1000000 -using namespace std; - -static __inline__ unsigned long long rdtsc(void) -{ - unsigned hi, lo; - __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); - return ( (unsigned long long)lo)|( ((unsigned long long)hi)<< 32 ); -} - -int main() -{ - unsigned long long int begin, stop,total=0; - CustomerItem *items = new CustomerItem[MAX_ITEM_NUM + 1]; // ???????????????????????TEE????TEE????ocall?????? - CustomerBucket cust_bucket; // ????? - clock_t start, end; - double during = 0; - Variant var; - for (int i = 1;i <= MAX_ITEM_NUM;i++) { - items[i].CustomerKey = i; - items[i].Comment = "hello" + to_string(i); - items[i].Name = "hello" + to_string(i); - items[i].Address = "hello" + to_string(i); - items[i].Phone = "hello" + to_string(i); - items[i].Acctbal = "hello" + to_string(i); - items[i].Mktsegment = "hello" + to_string(i); - - } - // ????????? - items[1].Comment = "hello"; - items[10].Comment = "hello"; - for (int i = 500000;i <= 600000;i++) { - items[i].Comment == "hello"; - } - - Variant var1 = "hello"; - CustomerItem item = items[10]; - - // ???????????????? ?????????????????? - AccessCounter ac_counter; - // ??????????? - ac_counter[C_COMMENT_COUNTER][item.CustomerKey]++; // ?????????? - ac_counter[C_CUSTKEY_COUNTER][item.CustomerKey]++; - ac_counter[C_COMMENT_COUNTER][1] = 10; - // ??????????????????????? - - for (size_t i = 0;i < ac_counter.size(); i++) { - cout << "Field: " << FieldNameList[i] << endl; - if (ac_counter.size() != 0) { - for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { - cout << "primary key = " << it->first << " " << "counter = " << it->second << "; "; - } - cout << "\n==============\n"; - } - } - - // ????????????????????????????????????????? - for (size_t i = 0; i <= C_COMMENT_COUNTER; i++) { - if (ac_counter[i].size()) { // ???????????????????? 
- for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { - if (it->second != 0) { // ??????????????1 - int index = it->first; - switch (i) - { - case C_CUSTKEY_COUNTER: cust_bucket[i][items[index].CustomerKey].push_back(it->first); break; // bucketitem - case C_NAME_COUNTER: cust_bucket[i][items[index].Name].push_back(it->first); break; // bucketitem - case C_ADDRESS_COUNTER: cust_bucket[i][items[index].Address].push_back(it->first); break; // bucketitem - case C_NATION_COUNTER: cust_bucket[i][items[index].Nation].push_back(it->first); break; // bucketitem - case C_PHONE_COUNTER: cust_bucket[i][items[index].Phone].push_back(it->first); break; // bucketitem - case C_ACCTBAL_COUNTER: cust_bucket[i][items[index].Acctbal].push_back(it->first); break; // bucketitem - case C_MKTSEGMENT_COUNTER: cust_bucket[i][items[index].Mktsegment].push_back(it->first); break; // bucketitem - case C_COMMENT_COUNTER: cust_bucket[i][items[index].Comment].push_back(it->first); break; // bucketitem - default: break; - } - - } - } - } - } - start = clock(); - // ??bucket???? 
- begin = rdtsc(); - for (BucketItem::iterator it = cust_bucket[C_COMMENT_COUNTER].begin();it != cust_bucket[C_COMMENT_COUNTER].end(); it++) { - var = it->first; - int type_id = var.index(); - /* - switch (type_id) - { - case 0: int32_t va = std::get<0>(var); - case 1: string va = std::get<1>(var); - case 2: double va = std::get<2>(var) - default: break; - } - */ - // string str = std::get<1>(var); - if (var == var1) { - // cout << it->second.size() << endl; - cout << it->second.size() << " "; - for (auto ii: it->second) { - // cout << ii << " "; - } - } - } - stop = rdtsc(); - end = clock(); - during = (double)(end - start) / CLOCKS_PER_SEC; - cout << "???: " << during << endl; - cout << "CPU?????????: "<< stop - begin << endl; - - - start = clock(); - begin = rdtsc(); - vector res; - for (int i = 1;i <= MAX_ITEM_NUM;i++) { - var = items[i].Comment; - if (var == var1) { - // cout << items[i].CustomerKey << " "; - res.push_back(items[i].CustomerKey); - } - - } - cout << res.size() << " "; - stop = rdtsc(); - end = clock(); - during = (double)(end - start) / CLOCKS_PER_SEC; - cout << "???: " << during << endl; - cout << "CPU?????????" << stop - begin << endl; - - return 0; -} \ No newline at end of file diff --git a/wallfacer2.0/secgear_da/include/common.h b/wallfacer2.0/secgear_da/include/common.h deleted file mode 100644 index ea54200f..00000000 --- a/wallfacer2.0/secgear_da/include/common.h +++ /dev/null @@ -1,31 +0,0 @@ -#ifndef COMMON_H -#define COMMON_H - -#define VALUE_SIZE 128 -#define TEST_ITEM_SIZE 100 -using namespace std; - -// 键(存储在TEE中) -typedef struct KEY { - int key_val; // 键 - uint8_t *val_ptr; // 指针 - size_t val_size; // value长度 - size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC) -} KEY; - -// 值(加密存储在REE中) -typedef struct VALUE { - uint8_t *value; - size_t val_len; -} VALUE; - -// 键值对数据 -typedef struct KV { - int32_t key_val; - uint8_t value[VALUE_SIZE]; - size_t value_len; -} KV; - - - -#endif \ No newline at end of file 
diff --git a/wallfacer2.0/secgear_da/include/tpch.h b/wallfacer2.0/secgear_da/include/tpch.h
deleted file mode 100644
index efa59800..00000000
--- a/wallfacer2.0/secgear_da/include/tpch.h
+++ /dev/null
@@ -1,105 +0,0 @@ -#ifndef TPCH_H -#define TPCH_H - -#include -#include -#include -#include -#include - -/* -定义长度 -*/ -#define MAX_ITEM_NUM 10000 -#define BUF_SIZE_16 16 -#define BUF_SIZE_32 32 -#define BUF_SIZE_64 64 -#define BUF_SIZE_128 128 -#define MAX_BUF_SIZE 10001 - - -using namespace std; -/* -* Customer表字段名称 -*/ -#define C_CUSTKEY_FIELD "C_CUSTKEY" -#define C_NAME_FIELD "C_NAME" -#define C_ADDRESS_FIELD "C_ADDRESS" -#define C_NATION_FIELD "C_NATION" -#define C_PHONE_FIELD "C_PHONE" -#define C_ACCTBAL_FIELD "C_ACCTBAL" -#define C_MKTSEGMENT_FIELD "C_MKTSEGMENT" -#define C_COMMENT_FIELD "C_COMMENT" - -/* -* 使用列主序存储,在相应的列查到数据之后可以通过下标索引获取其他字段数据 -*/ -enum CustomerDesc { - C_NAME = 0, - C_ADDRESS, - C_PHONE, - C_ACCTBAL, - C_MKTSEGMENT, - C_COMMENT -}; -typedef array String_32; - -/* -* 按照字段名称为计数器构建下标索引 -*/ -enum CustomerCounterIndex { - C_CUSTKEY_COUNTER = 0, - C_NAME_COUNTER, - C_ADDRESS_COUNTER, - C_NATION_COUNTER, - C_PHONE_COUNTER, - C_ACCTBAL_COUNTER, - C_MKTSEGMENT_COUNTER, - C_COMMENT_COUNTER -}; - -// 字段名称集合 -std::array FieldNameList = {"C_CUSTKEY", "C_NAME", "C_ADDRESS", "C_NATION", "C_PHONE", "C_ACCTBAL","C_MKTSEGMENT", "C_COMMENT"}; -/* -* 数据条目 -*/ -typedef struct CustomerItem { - int32_t CustomerKey; - int32_t Nation; - char Name[BUF_SIZE_16 + 1]; - char Address[BUF_SIZE_128 + 1]; - char Phone[BUF_SIZE_16 + 1]; - char Acctbal[BUF_SIZE_128 + 1]; - char Mktsegment[BUF_SIZE_128 + 1]; - char Comment[BUF_SIZE_128 + 1]; -} CustomerItem; - -// 访问频次计数器 -typedef std::map Counter; -typedef std::array AccessCounter; - -// 自定义Variant类型,包括int(0), string(1), double(2)三种变量类型 -typedef std::variant Variant; - -// 缓存桶, 用来存储<字段名称, 主键> -typedef std::map > BucketItem; -typedef std::array CustomerBucket; - -////////////////////////////////////////////////////////////////////// -// 主码属性 -typedef struct Customer { - map > CustomerKey; -} Customer; - -// 非主属性 -typedef struct CustomerField { - map > Name; - map > Address; - map > Nation; - map > Phone; - map > Acctbal; - map 
> Mktsegment; - map > Comment; -} CustomerField; - -#endif \ No newline at end of file -- Gitee From 8d6277daac51cfd88704602d9b059d1f23f11194 Mon Sep 17 00:00:00 2001 From: axel Date: Sun, 28 Apr 2024 02:05:51 +0000 Subject: [PATCH 4/5] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20wall?= =?UTF-8?q?facer2.0/secgear=5Fkv?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wallfacer2.0/secgear_kv/CMakeLists.txt | 44 ---- .../secgear_kv/enclave/CMakeLists.txt | 234 ------------------ .../secgear_kv/enclave/Enclave.config.xml | 12 - wallfacer2.0/secgear_kv/enclave/Enclave.lds | 11 - .../secgear_kv/enclave/config_cloud.ini | 60 ----- wallfacer2.0/secgear_kv/enclave/kv.cpp | 164 ------------ wallfacer2.0/secgear_kv/enclave/manifest.txt | 7 - wallfacer2.0/secgear_kv/host/CMakeLists.txt | 130 ---------- wallfacer2.0/secgear_kv/host/main.cpp | 178 ------------- wallfacer2.0/secgear_kv/include/common.h | 29 --- wallfacer2.0/secgear_kv/kv.edl | 38 --- 11 files changed, 907 deletions(-) delete mode 100644 wallfacer2.0/secgear_kv/CMakeLists.txt delete mode 100644 wallfacer2.0/secgear_kv/enclave/CMakeLists.txt delete mode 100644 wallfacer2.0/secgear_kv/enclave/Enclave.config.xml delete mode 100644 wallfacer2.0/secgear_kv/enclave/Enclave.lds delete mode 100644 wallfacer2.0/secgear_kv/enclave/config_cloud.ini delete mode 100644 wallfacer2.0/secgear_kv/enclave/kv.cpp delete mode 100644 wallfacer2.0/secgear_kv/enclave/manifest.txt delete mode 100644 wallfacer2.0/secgear_kv/host/CMakeLists.txt delete mode 100644 wallfacer2.0/secgear_kv/host/main.cpp delete mode 100644 wallfacer2.0/secgear_kv/include/common.h delete mode 100644 wallfacer2.0/secgear_kv/kv.edl diff --git a/wallfacer2.0/secgear_kv/CMakeLists.txt b/wallfacer2.0/secgear_kv/CMakeLists.txt deleted file mode 100644 index d73ecd9e..00000000 --- a/wallfacer2.0/secgear_kv/CMakeLists.txt +++ /dev/null 
@@ -1,44 +0,0 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-# http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-project(HelloWorld CXX)
-
-# set(CMAKE_C_STANDARD 99)
-set(CMAKE_CXX_STANDARD 17)
-
-
-set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
-
-#set edl name
-set(EDL_FILE kv.edl)
-set(CODEGEN codegen)
-
-if(CC_GP)
- set(CODETYPE trustzone)
- set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
- add_definitions(-DPATH="/data/${UUID}.sec")
-endif()
-
-if (NOT DEFINED SSL_PATH)
- set(SSL_PATH /opt/intel/sgxssl)
-endif()
-
-if(CC_SGX)
- set(CODETYPE sgx)
- add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
-endif()
-
-if(CC_PL)
- set(CODETYPE penglai)
- add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
-endif()
-
-add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
-add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt b/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt
deleted file mode 100644
index cafed093..00000000
--- a/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt
+++ /dev/null
@@ -1,234 +0,0 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# secGear is licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -# PURPOSE. -# See the Mulan PSL v2 for more details. - -#set auto code prefix -set(PREFIX kv) - -#set sign key -set(PEM Enclave_private.pem) - -#set sign tool -set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) - -#set enclave src code -set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/kv.cpp) - -#set log level -set(PRINT_LEVEL 3) -add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) - -if(CC_GP) - #set signed output - set(OUTPUT ${UUID}.sec) - #set whilelist. default: /vendor/bin/teec_hello - set(WHITE_LIST_0 /vendor/bin/helloworld) - set(WHITE_LIST_OWNER root) - set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) - set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) - - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) -endif() - -if(CC_SGX) - set(OUTPUT enclave.signed.so) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include) -endif() - -if(CC_PL) 
- set(OUTPUT penglai-ELF) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) -endif() - -set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ - -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ - -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ - -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") - -set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") - -if(CC_GP) - - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") - - set(ITRUSTEE_TEEDIR ${SDK_PATH}/) - set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_BINARY_DIR}/lib/) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories( ${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${CMAKE_BINARY_DIR}/inc - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${LOCAL_ROOT_PATH}/inc/enclave_inc - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp - ${ITRUSTEE_TEEDIR}/include/TA - ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext - ${ITRUSTEE_LIBC}/arch/aarch64 - ${ITRUSTEE_LIBC}/ - ${ITRUSTEE_LIBC}/arch/arm/bits - ${ITRUSTEE_LIBC}/arch/generic - ${ITRUSTEE_LIBC}/arch/arm - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE - ${CMAKE_BINARY_DIR}/lib/) - endif() - - 
foreach(WHITE_LIST ${WHITELIST}) - add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") - endforeach(WHITE_LIST) - add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") - - target_link_libraries(${PREFIX} -lsecgear_tee) - - #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # - # add_custom_command(TARGET ${PREFIX} - # POST_BUILD - # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) - - # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} - # DESTINATION /data - # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - -endif() - -if(CC_SGX) - set(SGX_DIR ${SDK_PATH}) - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") - set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) - - set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库 - - if(CC_SIM) - set(Trts_Library_Name sgx_trts_sim) - set(Service_Library_Name sgx_tservice_sim) - else() - set(Trts_Library_Name sgx_trts) - set(Service_Library_Name sgx_tservice) - endif() - - set(Crypto_Library_Name sgx_tcrypto) - - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ - -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories( - ${LINK_LIBRARY_PATH} - ${OPENSSL_LIBRARY_PATH} - ) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories(${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${SGX_DIR}/include/tlibc - ${SGX_DIR}/include/libcxx - ${SGX_DIR}/include - 
${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx - ${SSL_PATH}/include #openssl静态库 - ${CURRENT_ROOT_PATH}/include - ) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE - ${LINK_LIBRARY_PATH} - ${OPENSSL_LIBRARY_PATH} - ${CURRENT_ROOT_PATH}/include - ) - endif() - - target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive - -Wl,--start-group - -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl - -lsgx_tcrypto -lsgx_pthread - -l${Crypto_Library_Name} -l${Service_Library_Name} - -Wl,--end-group) - add_custom_command(TARGET ${PREFIX} - POST_BUILD - COMMAND umask 0177 - COMMAND openssl genrsa -3 -out ${PEM} 3072 - COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) -endif() - -if(NOT DEFINED CC_PL) - set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) -endif() - -if(CC_PL) - set(SDK_LIB_DIR ${SDK_PATH}/lib) - set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) - set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) - set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) - set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) - set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) - set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) - - set(SOURCE_C_OBJS "") - foreach(SOURCE_FILE ${SOURCE_FILES}) - STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) - set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) - add_custom_command( - OUTPUT ${SOURCE_OBJ} - DEPENDS ${SOURCE_FILES} - COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc - -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc - -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} - COMMENT "generate SOURCE_OBJ" - ) - 
list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) - endforeach() - - set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) - add_custom_command( - OUTPUT ${APP_C_OBJ} - DEPENDS ${AUTO_FILES} - COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc - -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc - -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c - COMMENT "generate APP_C_OBJ" - ) - - add_custom_command( - OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} - COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc - -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} - ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds - COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - COMMENT "generate penglai-ELF" - ) - add_custom_target( - ${OUTPUT} ALL - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - COMMENT "makefile target penglai-ELF" - ) - -endif() diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml b/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml deleted file mode 100644 index bd60be70..00000000 --- a/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml +++ /dev/null @@ -1,12 +0,0 @@ - - 0 - 0 - 0x400000 - 0x100000000 - 10 - 1 - - 0 - 0 - 0xFFFFFFFF - diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.lds b/wallfacer2.0/secgear_kv/enclave/Enclave.lds deleted file mode 100644 index ab77e647..00000000 --- a/wallfacer2.0/secgear_kv/enclave/Enclave.lds +++ /dev/null @@ -1,11 +0,0 @@ -enclave.so -{ - global: - g_global_data_sim; - g_global_data; - enclave_entry; - g_peak_heap_used; - local: - *; -}; - 
diff --git a/wallfacer2.0/secgear_kv/enclave/config_cloud.ini b/wallfacer2.0/secgear_kv/enclave/config_cloud.ini
deleted file mode 100644
index 8c70225e..00000000
--- a/wallfacer2.0/secgear_kv/enclave/config_cloud.ini
+++ /dev/null
@@ -1,60 +0,0 @@
-[signSecPrivateCfg]
-;;;
-;private key length for signing TA:
-;[fixed value]
-;256 ECDSA Alg
-;2048/4096 RSA Alg
-secSignKeyLen = 4096
-;;;
-;[fixed value]
-;0 means SHA256 hash type
-;1 means SHA512 hash type
-secHashType = 0
-;;;
-; [fixed value]
-;0 means padding type is pkcs1v15
-;1 means padding type is PSS
-;[fixed value]
-secPaddingType = 1
-;;;
-;[fixed value]
-;RSA alg
-;ECDSA alg
-;SM2 alg
-secSignAlg = RSA
-;;;
-;public key for encrypt TA
-secEncryptKey = rsa_public_key_cloud.pem
-;;;
-;public key length
-secEncryptKeyLen = 3072
-
-[signSecPublicCfg]
-;;;
-;[fixed value]
-; sec sign key type
-;0 means debug
-;1 means release
-secReleaseType = 1
-;;;
-;0 means TA not installed by OTRP
-;1 means TA installed by OTRP
-secOtrpFlag = 0
-;;;
-;0 means not sign
-;1 means signed by local private
-;2 means signed using native sign tool;
-;3 means signed by CI
-;[fixed value]
-secSignType = 1
-;;;
-;server address for signing TA
-secSignServerIp =
-;;;
-;private key for signing TA
-;[private key owned by yourself]
-secSignKey = /home/TA_cert/private_key.pem
-;;;
-;config file
-;[signed config file by Huawei]
-configPath = /home/TA_cert/secgear-app1/config
diff --git a/wallfacer2.0/secgear_kv/enclave/kv.cpp b/wallfacer2.0/secgear_kv/enclave/kv.cpp
deleted file mode 100644
index 1f61621c..00000000
--- a/wallfacer2.0/secgear_kv/enclave/kv.cpp
+++ /dev/null
@@ -1,164 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - - -#include -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include "common.h" -#include "kv_t.h" -using namespace std; - -#define TA_HELLO_WORLD "secgear hello world!" -#define BUF_MAX 32 - -const uint8_t userkey[16] = { // AES密钥生成参数 - '1', '2', '3', '4', - '5', '6', '7', '8', - '9', '0', '1', '2', - '3', '4', '5', '6' -}; -// 分组加密 -uint8_t aes_in[16] = {0}, aes_out[16] = {0}; - -// 加解密秘钥 -AES_KEY encrypt_key, decrypt_key; - -vector KeyVec; // 键值对列表 -list KeyList; -hash strHash; // 字符串hash函数 - -int get_string(char *buf) -{ - strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); - return 0; -} -// 加密 -void AES_Encrypt(KEY &Key) -{ - uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值 - AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥 - for (size_t i = 0;i < Key.val_size;i+=16) { - memcpy(aes_in, value+i, 16); // 取16字节 - AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密 - memcpy(value+i, aes_out, 16); // 拷贝回去 - } -} -// 解密 -void AES_Decrypt(KEY Key, uint8_t *buf) -{ - uint8_t *value = (uint8_t *)Key.val_ptr; - AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥 - for (size_t i = 0;i < Key.val_size;i+=16) { - memcpy(aes_in, value+i,16); // 取16字节 - AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密 - memcpy(buf+i, aes_out, 
16); // 拷贝到buf - } -} - -int search_key(int key_val) -{ - for (int i = 0;i < KeyVec.size();i++) { - if (KeyVec[i].key_val == key_val) { // 查找到key - return i; - } - } - return -1; -} - -/** - * @param key_val 键信息 - * @param val_addr 值在不可信内存中的地址 - * @param val_len 值的长度 -*/ -int Set_KV(int key_val, uint64_t val_addr, size_t val_len) -{ - // 初始化键值对信息 - KEY Key; // 新建一个KEY变量 - Key.key_val = key_val; // 初始化key值 - Key.val_ptr = (uint8_t*)val_addr; // 初始化value指针 - Key.val_size = val_len; // 值的长度 - - // 计算hash值,实现完整性保护 - char *str = new char[VALUE_SIZE + 1]; // 转为char* - memcpy(str, Key.val_ptr, val_len); - string value_str = str; // 转为string - - Key.hash_value = strHash(value_str); // 计算hash值 - - // 对不可信内存中的value内容进行加密(AES-ECB模式) - // AES_Encrypt(Key); - - // 是否已存在键相同的键值对映射 - int index = search_key(key_val); - // 不存在 - if (index < 0) { - // 将Key插入列表 - KeyVec.push_back(Key); - } - else { - KeyVec[index] = Key; - } - return 0; -} -/** - * @param key_val 键信息 - * @param value_val 返回值 -*/ -int Get_KV(int key_val, uint8_t* value_val) -{ - // 查找键值对下标 - int index = search_key(key_val); - if (index < 0) return -1; - - // 解密 - // AES_Decrypt(KeyVec[index], value_val); - // 转为string计算hash - char *str = new char[VALUE_SIZE + 1]; // 转为char* - memcpy(str, value_val, KeyVec[index].val_size); - // 计算hash值 - string value_str = str; - size_t hashval = strHash(value_str); - // 校验完整性 - if (KeyVec[index].hash_value != hashval) { - memset(value_val, '0', KeyVec[index].val_size); - } - return 0; -} -/** - * @param key_val 键信息 - * @return 是否删除成功 -*/ -int Delete_KV(int key_val) -{ - int index = search_key(key_val); - if (index < 0) return -1; - // 删除键为1的键值对并回收内存 - KeyVec.erase(KeyVec.begin() + index); - // KeyVec.erase(remove(KeyVec.begin(), KeyVec.end(), Key)); - - return 0; -} \ No newline at end of file diff --git a/wallfacer2.0/secgear_kv/enclave/manifest.txt b/wallfacer2.0/secgear_kv/enclave/manifest.txt deleted file mode 100644 index d78354e6..00000000 
--- a/wallfacer2.0/secgear_kv/enclave/manifest.txt +++ /dev/null @@ -1,7 +0,0 @@ -gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 -gpd.ta.service_name: rsa-demo -gpd.ta.singleInstance: true -gpd.ta.multiSession: false -gpd.ta.instanceKeepAlive: false -gpd.ta.dataSize: 819200 -gpd.ta.stackSize: 40960 diff --git a/wallfacer2.0/secgear_kv/host/CMakeLists.txt b/wallfacer2.0/secgear_kv/host/CMakeLists.txt deleted file mode 100644 index 7f0bcb6d..00000000 --- a/wallfacer2.0/secgear_kv/host/CMakeLists.txt +++ /dev/null 
@@ -1,130 +0,0 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# secGear is licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -# PURPOSE. -# See the Mulan PSL v2 for more details. - -#set auto code prefix -set(PREFIX kv) -#set host exec name -set(OUTPUT secgear_kv) -#set host src code -set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) - -#set auto code -if(CC_GP) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) -endif() - -if(CC_SGX) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} - --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx - --search-path ${SDK_PATH}/include - --search-path ${SSL_PATH}/include) -endif() - -if(CC_PL) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) -endif() - -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") -set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") - -if(CC_GP) - 
if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${CMAKE_BINARY_DIR}/inc - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() -endif() - -if(CC_SGX) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY} - ${SSL_PATH}/lib64 - ) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx - ${CMAKE_CURRENT_BINARY_DIR} - ${CURRENT_ROOT_PATH}/include/) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE - ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} - ${SSL_PATH}/lib64 - ${CURRENT_ROOT_PATH}/include/ - ) - endif() -endif() - -if(CC_PL) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/penglai - ${CMAKE_CURRENT_BINARY_DIR} - ) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() -endif() - -if(CC_SIM) - target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库 -else() - target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl) -endif() -set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) - -if(CC_GP) - #itrustee install whitelist /vender/bin/teec_hello - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION /vendor/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ - 
GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ) -endif() - -if(CC_SGX) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION ${CMAKE_BINARY_DIR}/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ) -endif() - -if(CC_PL) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION ${CMAKE_BINARY_DIR}/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ) -endif() diff --git a/wallfacer2.0/secgear_kv/host/main.cpp b/wallfacer2.0/secgear_kv/host/main.cpp deleted file mode 100644 index ee31dd43..00000000 --- a/wallfacer2.0/secgear_kv/host/main.cpp +++ /dev/null 
@@ -1,178 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -#include -#include -#include -#include -#include - -#include "enclave.h" -#include "kv_u.h" -#include "common.h" - -#include -using namespace std; - -// #define RSA_PUBLIC_KEY_FILE "pubkey.pem" -clock_t start, stop; // 时间参数 - -cc_enclave_t global_eid = {}; // 全局enclave_id -cc_enclave_result_t res = CC_FAIL; // enclave状态结果 -uint8_t buf[VALUE_SIZE] = {0}; // 缓冲区 -char temp[VALUE_SIZE + 1]; -int retval = 0; -// 创建enclave -int CreateEnclave() -{ - int retval = 0; - const char *path = PATH; - - - char real_p[PATH_MAX]; - /* check file exists, if not exist then use absolute path */ - if (realpath(path, real_p) == NULL) { - if (getcwd(real_p, sizeof(real_p)) == NULL) { - printf("Cannot find enclave.sign.so"); - return res; - } - if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { - printf("Failed to strcat enclave.sign.so path"); - return res; - } - (void)strcat(real_p, "/enclave.signed.so"); - } - // 创建飞地 - res = cc_enclave_create( - real_p, - AUTO_ENCLAVE_TYPE, - 0, - SECGEAR_DEBUG_FLAG, - NULL, - 0, - &global_eid); - return res; -} -// 销毁enclave -void DestoryEnclave() -{ - res = cc_enclave_destroy(&global_eid); - if(res != CC_SUCCESS) { - printf("host destroy enclave error\n"); - } else { - printf("host destroy enclave success\n"); - } -} -// 打印测试函数(ocall-function) -void print(uint64_t c) { - std::cout << c << std::endl; -} - -// 添加键值对 -int Set(int key, char *value_str) -{ - VALUE 
Value; - Value.value = new uint8_t[VALUE_SIZE]; - memcpy(Value.value, value_str, strlen(value_str)); - Value.val_len = strlen(value_str); // 获取value长度 - uint64_t val_addr = (uint64_t)Value.value; // 获取value地址 - - // 发起ecall插入键值对值 - res = Set_KV(&global_eid, // enclave_id - &retval, // 返回值 - key, // key - val_addr, // value地址 - Value.val_len // value长度 - ); - if (res != CC_SUCCESS || retval != 0) { - std::cout << "Set KV failed!\n"; - return -1; - } - return 0; -} -// 获取键值对 -int Get(int key) -{ - uint8_t *value_val = new uint8_t[VALUE_SIZE]; - // 发起ecall查询键值对 - res = Get_KV(&global_eid, // enclave_id - &retval, // 返回值 - key, // key - value_val // value值 - ); - if (res != CC_SUCCESS || retval != 0) { - std::cout << "Get KV failed!\n"; - return -1; - } - std::cout << key << ": " << value_val << std::endl; - return 0; -} - -int Delete(int key_val) -{ - // 发起ecall删除键值对 - res = Delete_KV(&global_eid, - &retval, - key_val); - if (res != CC_SUCCESS || retval != 0) { - std::cout << "Delete KV failed!\n"; - return -1; - } - return 0; -} - -int main() -{ - double set_during, get_during; - - int retval; - // 创建飞地 - if (CreateEnclave() != 0) { - std::cout << "Create enclave failed\n"; - return -1; - } - start = clock(); - for (int j = 0;j < TEST_ITEM_SIZE;j++) { - - char sv[VALUE_SIZE + 1] = {'\0'}; - for (int i = 0;i < VALUE_SIZE;i++) { - sv[i] = 'a' + rand()%26; - } - // 发起ecall 建立键值对映射信息 - // cout << sv << endl; - if (Set(j, sv) < 0) { - cout << j << endl; - break; - } - // Set(j, sv); - } - stop = clock(); - set_during = double(stop - start) /CLOCKS_PER_SEC; - - - start = clock(); - // 发起ecall 查询键值对信息 - for (int i = 0;i < TEST_ITEM_SIZE;i++) { - Get(i); - - } - stop = clock(); - get_during = double(stop- start) / CLOCKS_PER_SEC; - - - cout << "Set消耗时间: " << set_during << 's' << endl; - cout << "Get消耗时间: " << get_during << 's' << endl; - - // 发起ecall 删除键值对 - - return res; -} 
diff --git a/wallfacer2.0/secgear_kv/include/common.h b/wallfacer2.0/secgear_kv/include/common.h deleted file mode 100644 index d8a984db..00000000 --- a/wallfacer2.0/secgear_kv/include/common.h +++ /dev/null @@ -1,29 +0,0 @@ -#ifndef COMMON_H -#define COMMON_H - -#define VALUE_SIZE 128 -#define TEST_ITEM_SIZE 1000000 -using namespace std; - -// 键(存储在TEE中) -typedef struct KEY { - int key_val; // 键 - uint8_t *val_ptr; // 指针 - size_t val_size; // value长度 - size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC) -} KEY; - -// 值(加密存储在REE中) -typedef struct VALUE { - uint8_t *value; - size_t val_len; -} VALUE; - -// 键值对数据 -typedef struct KV { - int32_t key_val; - uint8_t value[VALUE_SIZE]; - size_t value_len; -} KV; - -#endif \ No newline at end of file diff --git a/wallfacer2.0/secgear_kv/kv.edl b/wallfacer2.0/secgear_kv/kv.edl deleted file mode 100644 index e1bddff3..00000000 --- a/wallfacer2.0/secgear_kv/kv.edl +++ /dev/null 
@@ -1,38 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -enclave { - include "secgear_urts.h" - from "secgear_tstdc.edl" import *; - from "secgear_tssl.edl" import *; - from "secgear_pthread.edl" import*; - trusted { - public int get_string([out, size=32]char *buf); - - public int Set_KV(int key_val, uint64_t val_addr, size_t val_len); - - public int Get_KV(int key_val, [out, size=128]uint8_t *buf); - - public int Delete_KV(int key_val); - - // public int GenerateRSAKey([out, size=key_len]char* out_pri_key, [out, size=key_len]char* out_pub_key, size_t key_len); - - // public int GenerateECCKey([out, size=key_len]char* out_pri_key,[out, size=key_len]char* out_pub_key, size_t key_len); - - // public int AES_ECB_Encrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out); - - // public int AES_ECB_Decrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out); - }; - untrusted { - void print(uint64_t c); - }; -}; -- Gitee From a3e147dd0f683d0398761e404a4433c7c0f2d2a5 Mon Sep 17 00:00:00 2001 
From: axel Date: Sun, 28 Apr 2024 10:19:10 +0800 Subject: [PATCH 5/5] =?UTF-8?q?commit=20wallfacer2.0-2=E3=80=814?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wallfacer2.0/secgear_da/CMakeLists.txt | 44 +++ wallfacer2.0/secgear_da/da.edl | 31 +++ .../secgear_da/enclave/CMakeLists.txt | 234 ++++++++++++++++ .../secgear_da/enclave/Enclave.config.xml | 12 + wallfacer2.0/secgear_da/enclave/Enclave.lds | 11 + .../secgear_da/enclave/config_cloud.ini | 60 ++++ wallfacer2.0/secgear_da/enclave/da.cpp | 261 ++++++++++++++++++ wallfacer2.0/secgear_da/enclave/manifest.txt | 7 + wallfacer2.0/secgear_da/host/CMakeLists.txt | 130 +++++++++ wallfacer2.0/secgear_da/host/main.cpp | 205 ++++++++++++++ wallfacer2.0/secgear_da/host/test.cpp | 133 +++++++++ wallfacer2.0/secgear_da/include/common.h | 31 +++ wallfacer2.0/secgear_da/include/tpch.h | 105 +++++++ wallfacer2.0/secgear_kv/CMakeLists.txt | 44 +++ .../secgear_kv/enclave/CMakeLists.txt | 234 ++++++++++++++++ .../secgear_kv/enclave/Enclave.config.xml | 12 + wallfacer2.0/secgear_kv/enclave/Enclave.lds | 11 + .../secgear_kv/enclave/config_cloud.ini | 60 ++++ wallfacer2.0/secgear_kv/enclave/kv.cpp | 164 +++++++++++ wallfacer2.0/secgear_kv/enclave/manifest.txt | 7 + wallfacer2.0/secgear_kv/host/CMakeLists.txt | 130 +++++++++ wallfacer2.0/secgear_kv/host/main.cpp | 178 ++++++++++++ wallfacer2.0/secgear_kv/include/common.h | 29 ++ wallfacer2.0/secgear_kv/kv.edl | 38 +++ 24 files changed, 2171 insertions(+) create mode 100644 wallfacer2.0/secgear_da/CMakeLists.txt create mode 100644 wallfacer2.0/secgear_da/da.edl create mode 100644 wallfacer2.0/secgear_da/enclave/CMakeLists.txt create mode 100644 wallfacer2.0/secgear_da/enclave/Enclave.config.xml create mode 100644 wallfacer2.0/secgear_da/enclave/Enclave.lds create mode 100644 wallfacer2.0/secgear_da/enclave/config_cloud.ini create mode 100644 wallfacer2.0/secgear_da/enclave/da.cpp create mode 100644 
wallfacer2.0/secgear_da/enclave/manifest.txt create mode 100644 wallfacer2.0/secgear_da/host/CMakeLists.txt create mode 100644 wallfacer2.0/secgear_da/host/main.cpp create mode 100644 wallfacer2.0/secgear_da/host/test.cpp create mode 100644 wallfacer2.0/secgear_da/include/common.h create mode 100644 wallfacer2.0/secgear_da/include/tpch.h create mode 100644 wallfacer2.0/secgear_kv/CMakeLists.txt create mode 100644 wallfacer2.0/secgear_kv/enclave/CMakeLists.txt create mode 100644 wallfacer2.0/secgear_kv/enclave/Enclave.config.xml create mode 100644 wallfacer2.0/secgear_kv/enclave/Enclave.lds create mode 100644 wallfacer2.0/secgear_kv/enclave/config_cloud.ini create mode 100644 wallfacer2.0/secgear_kv/enclave/kv.cpp create mode 100644 wallfacer2.0/secgear_kv/enclave/manifest.txt create mode 100644 wallfacer2.0/secgear_kv/host/CMakeLists.txt create mode 100644 wallfacer2.0/secgear_kv/host/main.cpp create mode 100644 wallfacer2.0/secgear_kv/include/common.h create mode 100644 wallfacer2.0/secgear_kv/kv.edl diff --git a/wallfacer2.0/secgear_da/CMakeLists.txt b/wallfacer2.0/secgear_da/CMakeLists.txt new file mode 100644 index 00000000..c731a8c9 --- /dev/null +++ b/wallfacer2.0/secgear_da/CMakeLists.txt 
@@ -0,0 +1,44 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(HelloWorld CXX)
+
+# set(CMAKE_C_STANDARD 99)
+set(CMAKE_CXX_STANDARD 17)
+
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE da.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if (NOT DEFINED SSL_PATH)
+ set(SSL_PATH /opt/intel/sgxssl)
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+if(CC_PL)
+ set(CODETYPE penglai)
+ add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer2.0/secgear_da/da.edl b/wallfacer2.0/secgear_da/da.edl
new file mode 100644
index 00000000..5d5470ec
--- /dev/null
+++ b/wallfacer2.0/secgear_da/da.edl
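Review bot: The TrustZone UUID `f68fd704-6eb1-4d14-b218-722850eb3ef0` set in the `if(CC_GP)` block is the same identifier the secgear_kv TA carries (its manifest `gpd.ta.appID` appears earlier on this page), so both TAs would be installed as the same `/data/<uuid>.sec` and be indistinguishable to the TEE; each TA needs its own freshly generated UUID, kept in sync with its manifest.txt. `add_definitions(-DPATH=...)` is directory-scoped and leaks into every target below, while only the host executable reads `PATH`; `target_compile_definitions(<host target> PRIVATE PATH="...")` in host/CMakeLists.txt is the scoped form. `project(HelloWorld CXX)` is also left over from the sample this was copied from: the name does not describe this component, and `set(CMAKE_CXX_STANDARD 17)` without `set(CMAKE_CXX_STANDARD_REQUIRED ON)` lets a compiler that lacks C++17 decay to an older standard instead of failing at configure time.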
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ from "secgear_tssl.edl" import *;
+ from "secgear_pthread.edl" import*;
+ trusted {
+ public int get_string([out, size=32]char *buf);
+
+ // 初始化数据表
+ public int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size);
+
+ // 查询数据
+ public int GetData([in, size=32]int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr,[out,size=16]size_t* res_len);
+
+ };
+ untrusted {
+ void print(uint64_t c);
+ };
+};
diff --git a/wallfacer2.0/secgear_da/enclave/CMakeLists.txt b/wallfacer2.0/secgear_da/enclave/CMakeLists.txt
new file mode 100644
index 00000000..d5749bd6
--- /dev/null
+++ b/wallfacer2.0/secgear_da/enclave/CMakeLists.txt
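Review bot: `InitCustomerItem` and `GetData` hand `customer_items_addr`, `item_addr` and `res_item_addr` across as plain `uint64_t`, which takes those buffers out of the EDL marshalling entirely: the generated bridge copies nothing in or out and performs no bounds check, and the enclave side then dereferences host memory directly (`customer_items = (CustomerItem*)customer_items_addr;` in da.cpp below), so the untrusted side controls what the enclave reads and writes and can change it while the enclave is using it. Declaring them as annotated pointers, e.g. `public int InitCustomerItem([in, count=cust_size]CustomerItem* customer_items, size_t cust_size);`, gives the bridge a private copy inside the enclave; where the table is too large to copy, the enclave must at least verify the whole range lies outside the enclave before touching it. Separately, `[in, size=32]int32_t* FieldIndex` pins the copied region at 32 bytes (`size=` is a byte count) regardless of `field_len`, so any loop over more than 8 entries in the enclave would read past the copied buffer; `[in, count=field_len]int32_t* FieldIndex` ties the two together. `[out,size=16]size_t* res_len` likewise copies 16 bytes for an 8-byte scalar on the 64-bit targets this builds for; a bare `[out]size_t* res_len` copies exactly one element if the codegen accepts it.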
@@ -0,0 +1,234 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX da) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/da.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) 
+ set(OUTPUT penglai-ELF) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + 
foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库 + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories( + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + 
${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${SSL_PATH}/include #openssl静态库 + ${CURRENT_ROOT_PATH}/include + ) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ${CURRENT_ROOT_PATH}/include + ) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive + -Wl,--start-group + -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl + -lsgx_tcrypto -lsgx_pthread + -l${Crypto_Library_Name} -l${Service_Library_Name} + -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + 
list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.config.xml b/wallfacer2.0/secgear_da/enclave/Enclave.config.xml new file mode 100644 index 00000000..eec08410 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x400000 + 0x1000000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer2.0/secgear_da/enclave/Enclave.lds b/wallfacer2.0/secgear_da/enclave/Enclave.lds new file mode 100644 index 00000000..ab77e647 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + 
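Review bot: `COMMON_C_FLAGS` (stack protector, `-fvisibility=hidden`, `-nostdinc`, `-Werror`) is only ever placed in `CMAKE_C_FLAGS`, but `SOURCE_FILES` is `da.cpp`, which is compiled with `CMAKE_CXX_FLAGS`; unless a parent file sets that variable, the enclave's own C++ code is built without any of this hardening and only the generated `da_t.c` gets it. Mirror the flags into `CMAKE_CXX_FLAGS` or, more locally, `target_compile_options(${PREFIX} PRIVATE ...)`, checking which of the C-specific switches (`-nostdinc`) still apply to the C++ build. In the `CC_SGX` POST_BUILD step, `openssl genrsa -3 -out ${PEM} 3072` mints a fresh signing key on every build, so the enclave's signer identity changes each time: anything sealed to the signer or any attestation policy pinned to it breaks across rebuilds, and the private key lands in the build tree. That is acceptable for the sample this was copied from; for a real enclave the key should be a stable, out-of-tree input, with `-k` pointing at a path supplied at configure time. In the `CC_PL` branch the link command's `OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT}` writes the enclave ELF into the source tree; `${CMAKE_CURRENT_BINARY_DIR}` keeps generated binaries out of version control (the `-DPATH=` in the top-level file would need to follow).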
diff --git a/wallfacer2.0/secgear_da/enclave/config_cloud.ini b/wallfacer2.0/secgear_da/enclave/config_cloud.ini new file mode 100644 index 00000000..8c70225e --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/config_cloud.ini @@ -0,0 +1,60 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA: +;[fixed value] +;256 ECDSA Alg +;2048/4096 RSA Alg +secSignKeyLen = 4096 +;;; +;[fixed value] +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; [fixed value] +;0 means padding type is pkcs1v15 +;1 means padding type is PSS +;[fixed value] +secPaddingType = 1 +;;; +;[fixed value] +;RSA alg +;ECDSA alg +;SM2 alg +secSignAlg = RSA +;;; +;public key for encrypt TA +secEncryptKey = rsa_public_key_cloud.pem +;;; +;public key length +secEncryptKeyLen = 3072 + +[signSecPublicCfg] +;;; +;[fixed value] +; sec sign key type +;0 means debug +;1 means release +secReleaseType = 1 +;;; +;0 means TA not installed by OTRP +;1 means TA installed by OTRP +secOtrpFlag = 0 +;;; +;0 means not sign +;1 means signed by local private +;2 means signed using native sign tool; +;3 means signed by CI +;[fixed value] +secSignType = 1 +;;; +;server address for signing TA +secSignServerIp = +;;; +;private key for signing TA +;[private key owned by yourself] +secSignKey = /home/TA_cert/private_key.pem +;;; +;config file +;[signed config file by Huawei] +configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer2.0/secgear_da/enclave/da.cpp b/wallfacer2.0/secgear_da/enclave/da.cpp new file mode 100644 index 00000000..13cdbf85 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/da.cpp 
@@ -0,0 +1,261 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "tpch.h" + +#include "da_t.h" +using namespace std; + +#define TA_HELLO_WORLD "secgear hello world!" +#define BUF_MAX 32 + +const uint8_t userkey[16] = { // AES密钥生成参数 + '1', '2', '3', '4', + '5', '6', '7', '8', + '9', '0', '1', '2', + '3', '4', '5', '6' +}; +// 分组加密 +uint8_t aes_in[16] = {0}, aes_out[16] = {0}; + +// 加解密秘钥 +AES_KEY encrypt_key, decrypt_key; + +// 相关数据结构定义 +CustomerItem* customer_items; // 数据指针 +size_t customer_items_size = 0; +CustomerBucket customer_bucket; // 缓存桶 +AccessCounter ac_counter; // 访问频次计数器 + + +int get_string(char *buf) +{ + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; +} + + +// 加密 +void AES_Encrypt(KEY &Key) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值 + AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + memcpy(aes_in, value+i, 16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密 + memcpy(value+i, aes_out, 16); // 拷贝回去 + } +} +// 解密 +void AES_Decrypt(KEY Key, uint8_t *buf) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; + AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + 
memcpy(aes_in, value+i,16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密 + memcpy(buf+i, aes_out, 16); // 拷贝到buf + } +} +// char* 转string +string toString(char* arr) +{ + string str = string(arr); + return str; +} + +/** +* 初始化函数 +* @param customer_items_addr customer表在不可信内存中的地址 +* @param item_num customer表的大小 +*/ +int InitCustomerItem(uint64_t customer_items_addr, size_t cust_size) +{ + + customer_items = (CustomerItem*)customer_items_addr; + customer_items_size = cust_size; + return 0; +} + +/** +* 从表中搜索数据 +* @param FieldIndex 查找字段 +* @param item 查找条件 +* @param res_item 结果集合 +* @param res_len 返回结果长度 +*/ +int SearchFromTable(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + Variant var_tar, var_src; + int type_id; + switch(FieldIndex) { + case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; + case C_NAME_COUNTER: var_tar = toString(item->Name); break; + case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; + case C_NATION_COUNTER: var_tar = item->Nation; break; + case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; + case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; + case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; + default: break; + + } + type_id = var_tar.index(); + // 查找 + for (size_t i = 0;i < customer_items_size;i++) { + switch (FieldIndex) { + case C_CUSTKEY_COUNTER: var_src = customer_items[i].CustomerKey; break; + case C_NAME_COUNTER: var_src = customer_items[i].Name; break; + case C_ADDRESS_COUNTER: var_src = customer_items[i].Address; break; + case C_NATION_COUNTER: var_src = customer_items[i].Nation; break; + case C_PHONE_COUNTER: var_src = customer_items[i].Phone; break; + case C_ACCTBAL_COUNTER: var_src = customer_items[i].Acctbal; break; + case C_COMMENT_COUNTER: var_src = customer_items[i].Comment; break; + default: break; + } + if (var_src == var_tar) { + print(1); + memcpy(&res_item[res_len[0]++], &customer_items[i], 
sizeof(CustomerItem)); + } + } + return 0; +} + + +/** +* 从桶中搜索数据 +* @param FieldIndex 查找字段 +* @param item 查找条件 +* @param res_item 结果集合 +* @param res_len 返回结果长度 +*/ +int SearchFromBucket(int FieldIndex, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + Variant var_tar, var_src; // 比较变量 + int type_id; // 数据类型 + + switch(FieldIndex) { + case C_CUSTKEY_COUNTER: var_tar = item->CustomerKey; break; + case C_NAME_COUNTER: var_tar = toString(item->Name); break; + case C_ADDRESS_COUNTER: var_tar = toString(item->Address); break; + case C_NATION_COUNTER: var_tar = item->Nation; break; + case C_PHONE_COUNTER: var_tar = toString(item->Phone); break; + case C_ACCTBAL_COUNTER: var_tar = toString(item->Mktsegment); break; + case C_COMMENT_COUNTER: var_tar = toString(item->Comment); break; + default: break; + } + type_id = var_tar.index(); + + // 先在桶里找 + for (BucketItem::iterator it = customer_bucket[FieldIndex].begin();it != customer_bucket[FieldIndex].end(); it++) { + var_src = it->first; + // 如果相等 + if (var_tar == var_src) { + print(12580); + res_len[0] = it->second.size(); + for (int i = 0;i < it->second.size();i++) { + memcpy(&res_item[it->second[i]], &customer_items[it->second[i]], sizeof(CustomerItem)); + } + + } + } + // 找不到再去表里搜 + if (res_len[0] == 0) { + SearchFromTable(FieldIndex, item, res_item, res_len); + } + + return 0; +} + + +/** +* 根据计数器调整桶 +* +*/ +void AdjustBucket() +{ + string str; + // 开始往桶里面丢,桶的个数与字段个数相同,桶里面应该记录<字段值,[主码索引]> + for (size_t i = 0;i <= C_COMMENT_COUNTER;i++) { + // 如果该字段计数器中有内容,就开始构建桶 + if (ac_counter[i].size() != 0) { + for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + if (it->second > 0) { + int index = it->first; + switch (i) { + case C_CUSTKEY_COUNTER: customer_bucket[i][customer_items[index].CustomerKey].push_back(it->first); break; // bucketitem + case C_NAME_COUNTER: customer_bucket[i][customer_items[index].Name].push_back(it->first); break; // bucketitem + case C_ADDRESS_COUNTER: 
customer_bucket[i][customer_items[index].Address].push_back(it->first); break; // bucketitem + case C_NATION_COUNTER: customer_bucket[i][customer_items[index].Nation].push_back(it->first); break; // bucketitem + case C_PHONE_COUNTER: customer_bucket[i][customer_items[index].Phone].push_back(it->first); break; // bucketitem + case C_ACCTBAL_COUNTER: customer_bucket[i][customer_items[index].Acctbal].push_back(it->first); break; // bucketitem + case C_MKTSEGMENT_COUNTER: customer_bucket[i][customer_items[index].Mktsegment].push_back(it->first); break; // bucketitem + case C_COMMENT_COUNTER: customer_bucket[i][customer_items[index].Comment].push_back(it->first); break; // bucketitem + default: break; + } + } + } + } + } +} + +/** +* 查询函数 +* @param FieldList 要查询的字段名称(字段编号) +* @param field_len 要查询的字段个数 +* @param item_addr 查询关键字的地址 +* @param res_item_addr 返回结果集的地址 +* @param res_len 返回结果集合的大小 +*/ +int GetData(int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr, size_t* res_len) +{ + // 获取查询条件指针 + CustomerItem* item = (CustomerItem*)item_addr; + + // 获取返回结果指针 + CustomerItem* res_item = (CustomerItem*)res_item_addr; + + // 开始查询 + SearchFromBucket(FieldIndex[0], item, res_item, res_len); + + // 根据查找结果更新计数器的值 + for (size_t counter_i = 0;counter_i < field_len;counter_i++) { + for (size_t i = 0;i < res_len[0];i++) { + ac_counter[FieldIndex[counter_i]][res_item->CustomerKey]++; + } + } + + // 根据计数器内容调整桶 + AdjustBucket(); + + return 0; +} + diff --git a/wallfacer2.0/secgear_da/enclave/manifest.txt b/wallfacer2.0/secgear_da/enclave/manifest.txt new file mode 100644 index 00000000..d78354e6 --- /dev/null +++ b/wallfacer2.0/secgear_da/enclave/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 +gpd.ta.service_name: rsa-demo +gpd.ta.singleInstance: true +gpd.ta.multiSession: false +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 819200 +gpd.ta.stackSize: 40960 
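Review bot: Every value the host passes through the ecalls is used unvalidated: `InitCustomerItem` stores the host's `customer_items_addr`/`cust_size` as the table that every later loop dereferences, `GetData` casts `item_addr`/`res_item_addr` the same way and the searches write hits with `res_item[res_len[0]++]` (`SearchFromTable`) and `res_item[it->second[i]]` (`SearchFromBucket`) with no bound on the destination, the host-chosen `FieldIndex` values index the fixed-size `customer_bucket`/`ac_counter` arrays in `SearchFromBucket` and `GetData`, and `AdjustBucket` indexes `customer_items[index]` with a `CustomerKey` taken from host-writable memory. The minimum is a range check at the top of `GetData` plus `if (res_len[0] >= MAX_BUF_SIZE) return -1;` before the `memcpy` in `SearchFromTable` (the host allocates `MAX_BUF_SIZE` entries), and on the SGX build the two host ranges should also be confirmed to lie outside the enclave (e.g. `sgx_is_outside_enclave`) before they are dereferenced — see the fence. Separately, `userkey` is a constant compiled into the TA and `AES_ecb_encrypt` is applied block by block, so the key is recoverable from the binary and equal plaintext blocks give equal ciphertext, and both helpers copy a full 16 bytes at every step of `i += 16` even when `Key.val_size` is not a multiple of 16; a comment at `userkey` marking it as a demo placeholder to be replaced by a sealed or provisioned key and an AEAD mode would at least stop it being copied. Two functional defects as well: in `SearchFromTable` the `C_ACCTBAL_COUNTER` case builds `var_tar` from `item->Mktsegment` but compares against `customer_items[i].Acctbal`, `C_MKTSEGMENT_COUNTER` has no case in either search switch, and `SearchFromBucket` reports `res_len[0] = it->second.size()` while scattering the hits at `res_item[it->second[i]]` instead of filling `res_item[0..res_len)` as the host's `print_res` expects. Finally, the `print(1)`/`print(12580)` ocalls report every match to the untrusted host and `AdjustBucket` appends to the buckets on every query without clearing them, so entries duplicate across calls; both look like leftovers from debugging.
```cpp
int GetData(int32_t* FieldIndex, size_t field_len, uint64_t item_addr, uint64_t res_item_addr, size_t* res_len)
{
    // Reject host-controlled indices and pointers before they reach the fixed-size arrays.
    if (FieldIndex == NULL || res_len == NULL || field_len == 0 || item_addr == 0 || res_item_addr == 0) {
        return -1;
    }
    for (size_t k = 0; k < field_len; k++) {
        if (FieldIndex[k] < 0 || FieldIndex[k] > C_COMMENT_COUNTER) {
            return -1;
        }
    }
    // TODO(review): on SGX additionally require both host ranges to be outside the enclave
    // (sgx_is_outside_enclave) and bound res_len[0] by MAX_BUF_SIZE in SearchFromTable.
    CustomerItem* item = (CustomerItem*)item_addr;
    CustomerItem* res_item = (CustomerItem*)res_item_addr;
    // … unchanged: SearchFromBucket, counter update, AdjustBucket …
}
```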
diff --git a/wallfacer2.0/secgear_da/host/CMakeLists.txt b/wallfacer2.0/secgear_da/host/CMakeLists.txt
new file mode 100644
index 00000000..299a1df7
--- /dev/null
+++ b/wallfacer2.0/secgear_da/host/CMakeLists.txt
@@ -0,0 +1,130 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX da)
+#set host exec name
+set(OUTPUT secgear_da)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
+
+#set auto code
+if(CC_GP)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ --search-path ${SDK_PATH}/include
+ --search-path ${SSL_PATH}/include)
+endif()
+
+if(CC_PL)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+
+if(CC_GP)
+ 
if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${CMAKE_BINARY_DIR}/inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SGX)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+ ${SSL_PATH}/lib64
+ )
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CURRENT_ROOT_PATH}/include/)
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE
+ ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}
+ ${SSL_PATH}/lib64
+ ${CURRENT_ROOT_PATH}/include/
+ )
+ endif()
+endif()
+
+if(CC_PL)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/penglai
+ ${CMAKE_CURRENT_BINARY_DIR}
+ )
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SIM)
+ target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库
+else()
+ target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+ #itrustee install whitelist /vender/bin/teec_hello
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION /vendor/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ 
GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_SGX)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_PL)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
diff --git a/wallfacer2.0/secgear_da/host/main.cpp b/wallfacer2.0/secgear_da/host/main.cpp
new file mode 100644
index 00000000..08f512e5
--- /dev/null
+++ b/wallfacer2.0/secgear_da/host/main.cpp
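Review bot: `set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")` derives the Release flags from `CMAKE_C_FLAGS` instead of `CMAKE_C_FLAGS_RELEASE`, so the compiler's default Release optimisation flags for C objects are discarded and `-fPIE` appears twice; `set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -s")` is presumably what was meant. Both variables only reach the generated `${PREFIX}_u.c`; `main.cpp` is C++ and is compiled without `-fPIE` or `-s`, so the per-target form `set_target_properties(${OUTPUT} PROPERTIES POSITION_INDEPENDENT_CODE ON)` would cover both languages and also add the matching link flag. `sgx_usgxssl` is linked in both branches of the `CC_SIM` block, but `${SSL_PATH}/lib64` is only added to the link directories under `CC_SGX`, so the GP and penglai configurations will fail at link time unless that library is on the default search path — gate it on `CC_SGX` or move it into the SGX block. The `target_link_libraries` calls also use the keyword-less signature; `target_link_libraries(${OUTPUT} PRIVATE secgear pthread sgx_usgxssl)` avoids the legacy semantics and mixed-signature errors if anything else links this target later.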
@@ -0,0 +1,205 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include +#include + +#include "enclave.h" +#include "da_u.h" +#include "common.h" +#include "tpch.h" + +#include +using namespace std; + +// #define RSA_PUBLIC_KEY_FILE "pubkey.pem" +clock_t start, stop; // 时间参数 +unsigned long long begin2, end2, total = 0; // CPU时钟周期数 +unsigned long long begin1, end1, total1 = 0; // CPU时钟周期数 +cc_enclave_t global_eid = {}; // 全局enclave_id +cc_enclave_result_t res = CC_FAIL; // enclave状态结果 +uint8_t buf[VALUE_SIZE] = {0}; // 无符号缓冲区 +char temp[VALUE_SIZE + 1]; // 字符串缓冲区 +int retval = 0; // ecall函数返回值 + +// 数据加密后存储在非安全区中,首地址传入TEE中,无需ocall直接访问 +CustomerItem *customer_items = new CustomerItem[MAX_ITEM_NUM + 1]; + +// 测量CPU时钟周期数 +static __inline__ unsigned long long rdtsc(void) +{ + unsigned hi, lo; + __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); + return ( (unsigned long long)lo)|( ((unsigned long long)hi)<<32 ); +} + +// 创建enclave +int CreateEnclave() +{ + int retval = 0; + const char *path = PATH; + + + char real_p[PATH_MAX]; + /* check file exists, if not exist then use absolute path */ + if (realpath(path, real_p) == NULL) { + if (getcwd(real_p, sizeof(real_p)) == NULL) { + printf("Cannot find enclave.sign.so"); + return res; + } + if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { + printf("Failed to strcat enclave.sign.so path"); + return res; + } + (void)strcat(real_p, "/enclave.signed.so"); + } + // 创建飞地 
+ res = cc_enclave_create( + real_p, + AUTO_ENCLAVE_TYPE, + 0, + SECGEAR_DEBUG_FLAG, + NULL, + 0, + &global_eid); + return res; +} +// 销毁enclave +void DestoryEnclave() +{ + int retval = 0; + res = cc_enclave_destroy(&global_eid); + if(res != CC_SUCCESS) { + printf("host destroy enclave error\n"); + } else { + printf("host destroy enclave success\n"); + } +} + +// 打印查询结果 +void print_res(CustomerItem *res_item, size_t res_len) +{ + for (size_t i = 0;i < res_len;i++) { + cout << "=========================================\n"; + cout << i + 1 << ":" << endl; + cout << "Key: " << res_item[i].CustomerKey << endl; + cout << "Name: "<< res_item[i].Name << endl; + cout << "Address: " << res_item[i].Address << endl; + cout << "Nation: " << res_item[i].Nation << endl; + cout << "Phone: " << res_item[i].Phone << endl; + cout << "MktSegment: " << res_item[i].Mktsegment << endl; + cout << "Comment: " << res_item[i].Comment << endl; + } +} + +// 生成数据 +void generate_data() +{ + // 生成测试数据 + for (int i = 0;i <= MAX_ITEM_NUM;i++) { + string temp = "hello"; + temp += to_string(rand()%10); + customer_items[i].CustomerKey = i; + customer_items[i].Nation = rand()%10 + 1; + memcpy(customer_items[i].Comment, temp.c_str(), temp.length()); + memcpy(customer_items[i].Name, temp.c_str(), temp.length()); + memcpy(customer_items[i].Address, temp.c_str(), temp.length()); + memcpy(customer_items[i].Phone, temp.c_str(), temp.length()); + memcpy(customer_items[i].Acctbal, temp.c_str(), temp.length()); + memcpy(customer_items[i].Mktsegment, temp.c_str(), temp.length()); + } +} + +// 查询数据 +void get_data(int32_t* FieldList, size_t field_len, CustomerItem* item, CustomerItem* res_item, size_t* res_len) +{ + res = GetData(&global_eid, + &retval, + FieldList, // 字段 + field_len, // 查询条件字段个数 + (uint64_t)item, // 查询条件 + (uint64_t)res_item, // 查询结果返回 + res_len // 查询结果个数 + ); + + if (res != CC_SUCCESS || retval != 0) { + cout << "Search failed\n"; + } else { + cout << "Search success\n"; + print_res(res_item, 
res_len[0]); + } + memset(res_len, 0, sizeof(size_t)); + +} + +// 打印测试函数(ocall-function) +void print(uint64_t c) { + std::cout << c << std::endl; +} + + +int main() +{ + // 生成数据 + generate_data(); + // 创建飞地 + if (CreateEnclave() != 0) { + std::cout << "Create enclave failed\n"; + return -1; + } + // 初始化数据 + res = InitCustomerItem(&global_eid, + &retval, + (uint64_t)customer_items, + MAX_ITEM_NUM); + if (res != CC_SUCCESS || retval != 0) { + cout << "Initiation failed\n"; + return res; + } else { + cout << "Init success\n"; + } + // 设置查询条件(测试用例) + CustomerItem* item = new CustomerItem(); // 暂存查询条件 + int32_t FieldList[32] = {0}; // 查询字段列表 + FieldList[0] = 3; // 查询字段名称 + size_t res_len[2] = {0}; // 返回结果长度 + size_t field_len = 1; // 查询字段个数 + + item->CustomerKey = 101; + memcpy(item->Name, "C_NAME", 6); + memcpy(item->Address, "hello3", 6); + item->Nation = 4; + + // 返回结果集合 + CustomerItem* res_item = new CustomerItem[MAX_BUF_SIZE]; + // 查询数据 + begin1 = rdtsc(); + get_data(FieldList, field_len, item, res_item, res_len); + end1 = rdtsc(); + + // 再次执行查询任务 + begin2 = rdtsc(); + get_data(FieldList, field_len, item, res_item, res_len); + end2 = rdtsc(); + + + cout << "第一次查询CPU cycles (get data from table): " << end1 - begin1 << endl; + cout << "第二次查询CPU cycles (get data from bucket): " << end2 - begin2 << endl; + // 销毁飞地 + DestoryEnclave(); + + + return res; +} diff --git a/wallfacer2.0/secgear_da/host/test.cpp b/wallfacer2.0/secgear_da/host/test.cpp new file mode 100644 index 00000000..3c013033 --- /dev/null +++ b/wallfacer2.0/secgear_da/host/test.cpp 
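Review bot: `generate_data` leaves the `CustomerItem` string fields unterminated: `customer_items` is allocated with `new CustomerItem[MAX_ITEM_NUM + 1]` without `()`, so the `char` arrays start with indeterminate contents, and each `memcpy(..., temp.c_str(), temp.length())` copies only the text bytes; the enclave then constructs `std::string`s from these fields (`toString(item->Name)`, `var_src = customer_items[i].Name`) and scans until it happens to find a NUL in uninitialised host memory. Value-initialise the table with `new CustomerItem[MAX_ITEM_NUM + 1]()` (and `res_item` the same way), or copy with `snprintf(customer_items[i].Name, sizeof(customer_items[i].Name), "%s", temp.c_str())`. `CreateEnclave` is declared `int` but its not-found branches `return res`, a `cc_enclave_result_t` that `main` only compares against `0`; returning `-1` there, or a comment stating that every non-`CC_SUCCESS` value is non-zero, would make the contract explicit. The enclave is created with `SECGEAR_DEBUG_FLAG` fixed in the source; debug-flagged enclaves are generally not what a remote verifier accepts, so this should come from a build option with a comment saying it is a demo default. Smaller points: `item` and `res_item` are `new`ed and never deleted, and the `print` ocall echoes whatever the enclave sends, which deserves a `// debug-only ocall` marker so it is not kept in a signed build.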
@@ -0,0 +1,133 @@ +#include "tpch.h" +#include +#include +#define MAX_ITEM_NUM 1000000 +using namespace std; + +static __inline__ unsigned long long rdtsc(void) +{ + unsigned hi, lo; + __asm__ __volatile__ ("rdtsc" : "=a"(lo),"=d"(hi)); + return ( (unsigned long long)lo)|( ((unsigned long long)hi)<< 32 ); +} + +int main() +{ + unsigned long long int begin, stop,total=0; + CustomerItem *items = new CustomerItem[MAX_ITEM_NUM + 1]; // ???????????????????????TEE????TEE????ocall?????? + CustomerBucket cust_bucket; // ????? + clock_t start, end; + double during = 0; + Variant var; + for (int i = 1;i <= MAX_ITEM_NUM;i++) { + items[i].CustomerKey = i; + items[i].Comment = "hello" + to_string(i); + items[i].Name = "hello" + to_string(i); + items[i].Address = "hello" + to_string(i); + items[i].Phone = "hello" + to_string(i); + items[i].Acctbal = "hello" + to_string(i); + items[i].Mktsegment = "hello" + to_string(i); + + } + // ????????? + items[1].Comment = "hello"; + items[10].Comment = "hello"; + for (int i = 500000;i <= 600000;i++) { + items[i].Comment == "hello"; + } + + Variant var1 = "hello"; + CustomerItem item = items[10]; + + // ???????????????? ?????????????????? + AccessCounter ac_counter; + // ??????????? + ac_counter[C_COMMENT_COUNTER][item.CustomerKey]++; // ?????????? + ac_counter[C_CUSTKEY_COUNTER][item.CustomerKey]++; + ac_counter[C_COMMENT_COUNTER][1] = 10; + // ??????????????????????? + + for (size_t i = 0;i < ac_counter.size(); i++) { + cout << "Field: " << FieldNameList[i] << endl; + if (ac_counter.size() != 0) { + for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + cout << "primary key = " << it->first << " " << "counter = " << it->second << "; "; + } + cout << "\n==============\n"; + } + } + + // ????????????????????????????????????????? + for (size_t i = 0; i <= C_COMMENT_COUNTER; i++) { + if (ac_counter[i].size()) { // ???????????????????? 
+ for (Counter::iterator it = ac_counter[i].begin(); it != ac_counter[i].end(); it++) { + if (it->second != 0) { // ??????????????1 + int index = it->first; + switch (i) + { + case C_CUSTKEY_COUNTER: cust_bucket[i][items[index].CustomerKey].push_back(it->first); break; // bucketitem + case C_NAME_COUNTER: cust_bucket[i][items[index].Name].push_back(it->first); break; // bucketitem + case C_ADDRESS_COUNTER: cust_bucket[i][items[index].Address].push_back(it->first); break; // bucketitem + case C_NATION_COUNTER: cust_bucket[i][items[index].Nation].push_back(it->first); break; // bucketitem + case C_PHONE_COUNTER: cust_bucket[i][items[index].Phone].push_back(it->first); break; // bucketitem + case C_ACCTBAL_COUNTER: cust_bucket[i][items[index].Acctbal].push_back(it->first); break; // bucketitem + case C_MKTSEGMENT_COUNTER: cust_bucket[i][items[index].Mktsegment].push_back(it->first); break; // bucketitem + case C_COMMENT_COUNTER: cust_bucket[i][items[index].Comment].push_back(it->first); break; // bucketitem + default: break; + } + + } + } + } + } + start = clock(); + // ??bucket???? 
+ begin = rdtsc(); + for (BucketItem::iterator it = cust_bucket[C_COMMENT_COUNTER].begin();it != cust_bucket[C_COMMENT_COUNTER].end(); it++) { + var = it->first; + int type_id = var.index(); + /* + switch (type_id) + { + case 0: int32_t va = std::get<0>(var); + case 1: string va = std::get<1>(var); + case 2: double va = std::get<2>(var) + default: break; + } + */ + // string str = std::get<1>(var); + if (var == var1) { + // cout << it->second.size() << endl; + cout << it->second.size() << " "; + for (auto ii: it->second) { + // cout << ii << " "; + } + } + } + stop = rdtsc(); + end = clock(); + during = (double)(end - start) / CLOCKS_PER_SEC; + cout << "???: " << during << endl; + cout << "CPU?????????: "<< stop - begin << endl; + + + start = clock(); + begin = rdtsc(); + vector res; + for (int i = 1;i <= MAX_ITEM_NUM;i++) { + var = items[i].Comment; + if (var == var1) { + // cout << items[i].CustomerKey << " "; + res.push_back(items[i].CustomerKey); + } + + } + cout << res.size() << " "; + stop = rdtsc(); + end = clock(); + during = (double)(end - start) / CLOCKS_PER_SEC; + cout << "???: " << during << endl; + cout << "CPU?????????" << stop - begin << endl; + + return 0; +} \ No newline at end of file diff --git a/wallfacer2.0/secgear_da/include/common.h b/wallfacer2.0/secgear_da/include/common.h new file mode 100644 index 00000000..ea54200f --- /dev/null +++ b/wallfacer2.0/secgear_da/include/common.h @@ -0,0 +1,31 @@ +#ifndef COMMON_H +#define COMMON_H + +#define VALUE_SIZE 128 +#define TEST_ITEM_SIZE 100 +using namespace std; + +// 键(存储在TEE中) +typedef struct KEY { + int key_val; // 键 + uint8_t *val_ptr; // 指针 + size_t val_size; // value长度 + size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC) +} KEY; + +// 值(加密存储在REE中) +typedef struct VALUE { + uint8_t *value; + size_t val_len; +} VALUE; + +// 键值对数据 +typedef struct KV { + int32_t key_val; + uint8_t value[VALUE_SIZE]; + size_t value_len; +} KV; + + + +#endif \ No newline at end of file 
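Review bot: `items[i].Comment == "hello";` in the `500000..600000` loop is a comparison, not an assignment, so the loop has no effect and the bucket timing below only ever matches the two items set explicitly; `=` was intended. This file also cannot compile against the `tpch.h` in the same commit: it assigns `std::string` to `items[i].Comment`/`Name`/… (`items[i].Comment = "hello" + to_string(i)`), while `CustomerItem` declares those fields as `char[]`, and `#define MAX_ITEM_NUM 1000000` after `#include "tpch.h"` redefines the header's `10000` with a different value. Since host/CMakeLists.txt only builds `main.cpp`, `test.cpp` is dead code in this patch; either port it to the `char[]` layout and add it as a separate target or drop it. The comment text in this file has also been reduced to `????`, so whatever documentation it carried is lost and should be rewritten in the version that is kept.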
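Review bot: common.h uses `uint8_t`, `int32_t` and `size_t` but includes nothing, so it compiles only when the including file has already pulled in `<cstdint>`/`<cstddef>`; the header should include them itself, and the `using namespace std;` at file scope in a header leaks into every translation unit that includes it. The comment on `KEY.hash_value` says a hash "could be replaced" by an HMAC; since `VALUE` is the encrypted copy held in REE memory that the host can rewrite at will, an unkeyed hash gives no integrity at all, and the comment should state that a keyed MAC under a key held inside the TEE is required rather than optional, e.g. `// integrity tag over the REE-resident ciphertext: must be a keyed MAC (HMAC) with a TEE-held key, an unkeyed hash can be recomputed by the host`.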
diff --git a/wallfacer2.0/secgear_da/include/tpch.h b/wallfacer2.0/secgear_da/include/tpch.h
new file mode 100644
index 00000000..efa59800
--- /dev/null
+++ b/wallfacer2.0/secgear_da/include/tpch.h
@@ -0,0 +1,105 @@ +#ifndef TPCH_H +#define TPCH_H + +#include +#include +#include +#include +#include + +/* +定义长度 +*/ +#define MAX_ITEM_NUM 10000 +#define BUF_SIZE_16 16 +#define BUF_SIZE_32 32 +#define BUF_SIZE_64 64 +#define BUF_SIZE_128 128 +#define MAX_BUF_SIZE 10001 + + +using namespace std; +/* +* Customer表字段名称 +*/ +#define C_CUSTKEY_FIELD "C_CUSTKEY" +#define C_NAME_FIELD "C_NAME" +#define C_ADDRESS_FIELD "C_ADDRESS" +#define C_NATION_FIELD "C_NATION" +#define C_PHONE_FIELD "C_PHONE" +#define C_ACCTBAL_FIELD "C_ACCTBAL" +#define C_MKTSEGMENT_FIELD "C_MKTSEGMENT" +#define C_COMMENT_FIELD "C_COMMENT" + +/* +* 使用列主序存储,在相应的列查到数据之后可以通过下标索引获取其他字段数据 +*/ +enum CustomerDesc { + C_NAME = 0, + C_ADDRESS, + C_PHONE, + C_ACCTBAL, + C_MKTSEGMENT, + C_COMMENT +}; +typedef array String_32; + +/* +* 按照字段名称为计数器构建下标索引 +*/ +enum CustomerCounterIndex { + C_CUSTKEY_COUNTER = 0, + C_NAME_COUNTER, + C_ADDRESS_COUNTER, + C_NATION_COUNTER, + C_PHONE_COUNTER, + C_ACCTBAL_COUNTER, + C_MKTSEGMENT_COUNTER, + C_COMMENT_COUNTER +}; + +// 字段名称集合 +std::array FieldNameList = {"C_CUSTKEY", "C_NAME", "C_ADDRESS", "C_NATION", "C_PHONE", "C_ACCTBAL","C_MKTSEGMENT", "C_COMMENT"}; +/* +* 数据条目 +*/ +typedef struct CustomerItem { + int32_t CustomerKey; + int32_t Nation; + char Name[BUF_SIZE_16 + 1]; + char Address[BUF_SIZE_128 + 1]; + char Phone[BUF_SIZE_16 + 1]; + char Acctbal[BUF_SIZE_128 + 1]; + char Mktsegment[BUF_SIZE_128 + 1]; + char Comment[BUF_SIZE_128 + 1]; +} CustomerItem; + +// 访问频次计数器 +typedef std::map Counter; +typedef std::array AccessCounter; + +// 自定义Variant类型,包括int(0), string(1), double(2)三种变量类型 +typedef std::variant Variant; + +// 缓存桶, 用来存储<字段名称, 主键> +typedef std::map > BucketItem; +typedef std::array CustomerBucket; + +////////////////////////////////////////////////////////////////////// +// 主码属性 +typedef struct Customer { + map > CustomerKey; +} Customer; + +// 非主属性 +typedef struct CustomerField { + map > Name; + map > Address; + map > Nation; + map > Phone; + map > Acctbal; + map 
> Mktsegment;
+ map > Comment;
+} CustomerField;
+
+#endif
\ No newline at end of file
diff --git a/wallfacer2.0/secgear_kv/CMakeLists.txt b/wallfacer2.0/secgear_kv/CMakeLists.txt
new file mode 100644
index 00000000..d73ecd9e
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/CMakeLists.txt
@@ -0,0 +1,44 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(HelloWorld CXX)
+
+# set(CMAKE_C_STANDARD 99)
+set(CMAKE_CXX_STANDARD 17)
+
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE kv.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if (NOT DEFINED SSL_PATH)
+ set(SSL_PATH /opt/intel/sgxssl)
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+if(CC_PL)
+ set(CODETYPE penglai)
+ add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt b/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt
new file mode 100644
index 00000000..cafed093
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/enclave/CMakeLists.txt
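Review bot: `std::array FieldNameList = {...}` is a non-`inline` object definition with external linkage in a header, so every translation unit that includes tpch.h defines its own copy and any binary built from two such units fails to link with a duplicate-symbol error; the header already needs C++17 for `std::variant`, so `inline` in front of the definition (or `static const`) fixes it. `using namespace std;` at file scope in a header is likewise imposed on every includer. Because `CustomerItem` is what the enclave (`da.cpp`) overlays on host-supplied addresses, its layout is an ABI shared across the trust boundary; a comment on the struct such as `// layout is shared verbatim between host and enclave via raw addresses: change host and TA together and keep it POD` would stop one side being edited alone. The enclosing `CustomerField` struct starts on the previous line of the page; the comment text of the first part of this hunk is not affected by these points.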
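Review bot: `set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)` gives the kv TA the same identity that the secgear_da manifest in this patch declares as `gpd.ta.appID`, so on a GP platform both TAs would be installed as `/data/<same UUID>.sec` and one overwrites the other; each TA needs its own UUID, and a comment next to the `set` noting that the value must match `enclave/manifest.txt` would keep the two in step. `add_definitions(-DPATH=...)` is directory-scoped and so reaches the enclave subdirectory as well as the host; `target_compile_definitions` on the host target in host/CMakeLists.txt is the targeted form. `project(HelloWorld CXX)` still carries the sample's name and only enables C++, although the generated `kv_u.c`/`kv_t.c` sources are C — this works only if the parent build has already enabled C, which this file cannot see, so `project(secgear_kv C CXX)` would be self-contained.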
@@ -0,0 +1,234 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX kv) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/kv.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) 
+ set(OUTPUT penglai-ELF) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + 
foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + set(OPENSSL_LIBRARY_PATH ${SSL_PATH}/lib64) # openssl动态库 + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories( + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + 
${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${SSL_PATH}/include #openssl静态库 + ${CURRENT_ROOT_PATH}/include + ) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH} + ${OPENSSL_LIBRARY_PATH} + ${CURRENT_ROOT_PATH}/include + ) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -lsgx_tsgxssl -Wl,--no-whole-archive + -Wl,--start-group + -lsgx_tstdc -lsgx_tcxx -lsgx_tsgxssl -lsgx_tsgxssl_crypto -lsgx_usgxssl + -lsgx_tcrypto -lsgx_pthread + -l${Crypto_Library_Name} -l${Service_Library_Name} + -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + 
list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml b/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml new file mode 100644 index 00000000..bd60be70 --- /dev/null +++ b/wallfacer2.0/secgear_kv/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x400000 + 0x100000000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer2.0/secgear_kv/enclave/Enclave.lds b/wallfacer2.0/secgear_kv/enclave/Enclave.lds new file mode 100644 index 00000000..ab77e647 --- /dev/null +++ b/wallfacer2.0/secgear_kv/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + 
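Review bot: The hardening flags in COMMON_C_FLAGS (`-fstack-protector`, `-nostdinc`, `-Werror`, and the SGX branch's `-fvisibility=hidden`) are assigned to `CMAKE_C_FLAGS` only, but SOURCE_FILES is `kv.cpp`, so the enclave's C++ object is compiled with plain default flags — headers missing from the SGX include tree resolve to host system headers and its symbols are not hidden; mirror the assignments into `CMAKE_CXX_FLAGS`, e.g. `set(CMAKE_CXX_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")`, or move them to `target_compile_options(${PREFIX} PRIVATE ...)`. In the SGX post-build step `COMMAND umask 0177` becomes its own recipe line under the Makefile generator, so the `openssl genrsa` that follows is presumably not covered by it and `Enclave_private.pem` lands with the default mode; chain them as `COMMAND umask 0177 && openssl genrsa -3 -out ${PEM} 3072`, and add a comment that regenerating the key on every build changes the enclave's signer identity. The SGX link line lists `-lsgx_usgxssl` (the untrusted-side sgxssl library) inside the enclave's `--start-group`, and `-lsgx_tcrypto` appears twice via `Crypto_Library_Name`; the untrusted library should not be linked into the trusted image.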
diff --git a/wallfacer2.0/secgear_kv/enclave/config_cloud.ini b/wallfacer2.0/secgear_kv/enclave/config_cloud.ini new file mode 100644 index 00000000..8c70225e --- /dev/null +++ b/wallfacer2.0/secgear_kv/enclave/config_cloud.ini @@ -0,0 +1,60 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA: +;[fixed value] +;256 ECDSA Alg +;2048/4096 RSA Alg +secSignKeyLen = 4096 +;;; +;[fixed value] +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; [fixed value] +;0 means padding type is pkcs1v15 +;1 means padding type is PSS +;[fixed value] +secPaddingType = 1 +;;; +;[fixed value] +;RSA alg +;ECDSA alg +;SM2 alg +secSignAlg = RSA +;;; +;public key for encrypt TA +secEncryptKey = rsa_public_key_cloud.pem +;;; +;public key length +secEncryptKeyLen = 3072 + +[signSecPublicCfg] +;;; +;[fixed value] +; sec sign key type +;0 means debug +;1 means release +secReleaseType = 1 +;;; +;0 means TA not installed by OTRP +;1 means TA installed by OTRP +secOtrpFlag = 0 +;;; +;0 means not sign +;1 means signed by local private +;2 means signed using native sign tool; +;3 means signed by CI +;[fixed value] +secSignType = 1 +;;; +;server address for signing TA +secSignServerIp = +;;; +;private key for signing TA +;[private key owned by yourself] +secSignKey = /home/TA_cert/private_key.pem +;;; +;config file +;[signed config file by Huawei] +configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer2.0/secgear_kv/enclave/kv.cpp b/wallfacer2.0/secgear_kv/enclave/kv.cpp new file mode 100644 index 00000000..1f61621c --- /dev/null +++ b/wallfacer2.0/secgear_kv/enclave/kv.cpp 
@@ -0,0 +1,164 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + + +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include "common.h" +#include "kv_t.h" +using namespace std; + +#define TA_HELLO_WORLD "secgear hello world!" +#define BUF_MAX 32 + +const uint8_t userkey[16] = { // AES密钥生成参数 + '1', '2', '3', '4', + '5', '6', '7', '8', + '9', '0', '1', '2', + '3', '4', '5', '6' +}; +// 分组加密 +uint8_t aes_in[16] = {0}, aes_out[16] = {0}; + +// 加解密秘钥 +AES_KEY encrypt_key, decrypt_key; + +vector KeyVec; // 键值对列表 +list KeyList; +hash strHash; // 字符串hash函数 + +int get_string(char *buf) +{ + strncpy(buf, TA_HELLO_WORLD, strlen(TA_HELLO_WORLD) + 1); + return 0; +} +// 加密 +void AES_Encrypt(KEY &Key) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; // 获取value值 + AES_set_encrypt_key(userkey, 128, &encrypt_key); // 生成128bit加密秘钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + memcpy(aes_in, value+i, 16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &encrypt_key, AES_ENCRYPT); // 加密 + memcpy(value+i, aes_out, 16); // 拷贝回去 + } +} +// 解密 +void AES_Decrypt(KEY Key, uint8_t *buf) +{ + uint8_t *value = (uint8_t *)Key.val_ptr; + AES_set_decrypt_key(userkey, 128, &decrypt_key); // 生成128bit解密密钥 + for (size_t i = 0;i < Key.val_size;i+=16) { + memcpy(aes_in, value+i,16); // 取16字节 + AES_ecb_encrypt(aes_in, aes_out, &decrypt_key, AES_DECRYPT); // 解密 + memcpy(buf+i, aes_out, 
16); // 拷贝到buf + } +} + +int search_key(int key_val) +{ + for (int i = 0;i < KeyVec.size();i++) { + if (KeyVec[i].key_val == key_val) { // 查找到key + return i; + } + } + return -1; +} + +/** + * @param key_val 键信息 + * @param val_addr 值在不可信内存中的地址 + * @param val_len 值的长度 +*/ +int Set_KV(int key_val, uint64_t val_addr, size_t val_len) +{ + // 初始化键值对信息 + KEY Key; // 新建一个KEY变量 + Key.key_val = key_val; // 初始化key值 + Key.val_ptr = (uint8_t*)val_addr; // 初始化value指针 + Key.val_size = val_len; // 值的长度 + + // 计算hash值,实现完整性保护 + char *str = new char[VALUE_SIZE + 1]; // 转为char* + memcpy(str, Key.val_ptr, val_len); + string value_str = str; // 转为string + + Key.hash_value = strHash(value_str); // 计算hash值 + + // 对不可信内存中的value内容进行加密(AES-ECB模式) + // AES_Encrypt(Key); + + // 是否已存在键相同的键值对映射 + int index = search_key(key_val); + // 不存在 + if (index < 0) { + // 将Key插入列表 + KeyVec.push_back(Key); + } + else { + KeyVec[index] = Key; + } + return 0; +} +/** + * @param key_val 键信息 + * @param value_val 返回值 +*/ +int Get_KV(int key_val, uint8_t* value_val) +{ + // 查找键值对下标 + int index = search_key(key_val); + if (index < 0) return -1; + + // 解密 + // AES_Decrypt(KeyVec[index], value_val); + // 转为string计算hash + char *str = new char[VALUE_SIZE + 1]; // 转为char* + memcpy(str, value_val, KeyVec[index].val_size); + // 计算hash值 + string value_str = str; + size_t hashval = strHash(value_str); + // 校验完整性 + if (KeyVec[index].hash_value != hashval) { + memset(value_val, '0', KeyVec[index].val_size); + } + return 0; +} +/** + * @param key_val 键信息 + * @return 是否删除成功 +*/ +int Delete_KV(int key_val) +{ + int index = search_key(key_val); + if (index < 0) return -1; + // 删除键为1的键值对并回收内存 + KeyVec.erase(KeyVec.begin() + index); + // KeyVec.erase(remove(KeyVec.begin(), KeyVec.end(), Key)); + + return 0; +} \ No newline at end of file diff --git a/wallfacer2.0/secgear_kv/enclave/manifest.txt b/wallfacer2.0/secgear_kv/enclave/manifest.txt new file mode 100644 index 00000000..d78354e6 --- /dev/null 
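Review bot: In `Set_KV`, `val_len` and `val_addr` arrive from the untrusted host and are used unchecked: `memcpy(str, Key.val_ptr, val_len)` copies into a `VALUE_SIZE + 1` heap buffer with no upper bound, the buffer is never NUL-terminated before `string value_str = str`, and `str` is never freed (the same leak repeats in `Get_KV`); bound the length and build the string from the explicit length, as below. `Get_KV` hashes `value_val` before anything writes the stored value into it — with `AES_Decrypt` commented out the out-buffer is still uninitialized, so the integrity check compares the hash of garbage and the host never receives the value; copy `KeyVec[index].val_size` bytes from `val_ptr` into `value_val` (or restore the decrypt) before hashing. The fixed `userkey` in the source plus AES-ECB cannot provide confidentiality for a value kept in REE memory; when encryption is re-enabled, generate the key inside the enclave and use an authenticated mode, and `AES_Decrypt` should reject a `val_size` that is not a multiple of 16. `search_key` is a linear scan, which makes the `TEST_ITEM_SIZE` inserts in main quadratic; `std::unordered_map<int, KEY>` matches the lookup-by-key usage.
```cpp
int Set_KV(int key_val, uint64_t val_addr, size_t val_len)
{
    // val_addr/val_len are host-supplied: reject oversize values before copying.
    if (val_addr == 0 || val_len > VALUE_SIZE) {
        return -1;
    }
    KEY Key;
    Key.key_val = key_val;
    Key.val_ptr = (uint8_t *)val_addr;
    Key.val_size = val_len;

    // Length-delimited copy: no NUL terminator needed and nothing to free.
    string value_str(reinterpret_cast<const char *>(Key.val_ptr), val_len);
    Key.hash_value = strHash(value_str);
    // … unchanged: (commented) AES_Encrypt call, search_key insert-or-replace, return 0 …
```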
+++ b/wallfacer2.0/secgear_kv/enclave/manifest.txt
@@ -0,0 +1,7 @@
+gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0
+gpd.ta.service_name: rsa-demo
+gpd.ta.singleInstance: true
+gpd.ta.multiSession: false
+gpd.ta.instanceKeepAlive: false
+gpd.ta.dataSize: 819200
+gpd.ta.stackSize: 40960
diff --git a/wallfacer2.0/secgear_kv/host/CMakeLists.txt b/wallfacer2.0/secgear_kv/host/CMakeLists.txt
new file mode 100644
index 00000000..7f0bcb6d
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/host/CMakeLists.txt
@@ -0,0 +1,130 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX kv) +#set host exec name +set(OUTPUT secgear_kv) +#set host src code +set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) + +#set auto code +if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} + --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + --search-path ${SDK_PATH}/include + --search-path ${SSL_PATH}/include) +endif() + +if(CC_PL) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") +set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + +if(CC_GP) + 
if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR} + ${CURRENT_ROOT_PATH}/include/) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE + ${CMAKE_LIBRARY_OUTPUT_DIRECTORY} + ${SSL_PATH}/lib64 + ${CURRENT_ROOT_PATH}/include/ + ) + endif() +endif() + +if(CC_PL) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/penglai + ${CMAKE_CURRENT_BINARY_DIR} + ) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl) # 链接动态库 +else() + target_link_libraries(${OUTPUT} secgear pthread sgx_usgxssl) +endif() +set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + +if(CC_GP) + #itrustee install whitelist /vender/bin/teec_hello + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + 
GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_PL) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() diff --git a/wallfacer2.0/secgear_kv/host/main.cpp b/wallfacer2.0/secgear_kv/host/main.cpp new file mode 100644 index 00000000..ee31dd43 --- /dev/null +++ b/wallfacer2.0/secgear_kv/host/main.cpp 
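Review bot: `-fPIE` and `-s` are appended to `CMAKE_C_FLAGS`, but the only source here is `main.cpp`, so the host executable's C++ object is compiled without them; `set_target_properties(${OUTPUT} PROPERTIES POSITION_INDEPENDENT_CODE ON)` after `add_executable` covers both languages. The `target_link_libraries(${OUTPUT} secgearsim pthread sgx_usgxssl)` / `secgear pthread sgx_usgxssl` lines use the keyword-less signature and link `sgx_usgxssl` unconditionally, including under CC_GP and CC_PL where no sgxssl library is on the link path; write `target_link_libraries(${OUTPUT} PRIVATE secgear Threads::Threads)` after `find_package(Threads REQUIRED)` and append `sgx_usgxssl` only inside `if(CC_SGX)`. The CC_SIM branch picks `secgearsim` while the enclave directory picks `sgx_trts_sim` under the same flag, so a comment stating that CC_SIM must be set consistently for both directories would help.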
@@ -0,0 +1,178 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include +#include + +#include "enclave.h" +#include "kv_u.h" +#include "common.h" + +#include +using namespace std; + +// #define RSA_PUBLIC_KEY_FILE "pubkey.pem" +clock_t start, stop; // 时间参数 + +cc_enclave_t global_eid = {}; // 全局enclave_id +cc_enclave_result_t res = CC_FAIL; // enclave状态结果 +uint8_t buf[VALUE_SIZE] = {0}; // 缓冲区 +char temp[VALUE_SIZE + 1]; +int retval = 0; +// 创建enclave +int CreateEnclave() +{ + int retval = 0; + const char *path = PATH; + + + char real_p[PATH_MAX]; + /* check file exists, if not exist then use absolute path */ + if (realpath(path, real_p) == NULL) { + if (getcwd(real_p, sizeof(real_p)) == NULL) { + printf("Cannot find enclave.sign.so"); + return res; + } + if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { + printf("Failed to strcat enclave.sign.so path"); + return res; + } + (void)strcat(real_p, "/enclave.signed.so"); + } + // 创建飞地 + res = cc_enclave_create( + real_p, + AUTO_ENCLAVE_TYPE, + 0, + SECGEAR_DEBUG_FLAG, + NULL, + 0, + &global_eid); + return res; +} +// 销毁enclave +void DestoryEnclave() +{ + res = cc_enclave_destroy(&global_eid); + if(res != CC_SUCCESS) { + printf("host destroy enclave error\n"); + } else { + printf("host destroy enclave success\n"); + } +} +// 打印测试函数(ocall-function) +void print(uint64_t c) { + std::cout << c << std::endl; +} + +// 添加键值对 +int Set(int key, char *value_str) +{ + VALUE 
Value; + Value.value = new uint8_t[VALUE_SIZE]; + memcpy(Value.value, value_str, strlen(value_str)); + Value.val_len = strlen(value_str); // 获取value长度 + uint64_t val_addr = (uint64_t)Value.value; // 获取value地址 + + // 发起ecall插入键值对值 + res = Set_KV(&global_eid, // enclave_id + &retval, // 返回值 + key, // key + val_addr, // value地址 + Value.val_len // value长度 + ); + if (res != CC_SUCCESS || retval != 0) { + std::cout << "Set KV failed!\n"; + return -1; + } + return 0; +} +// 获取键值对 +int Get(int key) +{ + uint8_t *value_val = new uint8_t[VALUE_SIZE]; + // 发起ecall查询键值对 + res = Get_KV(&global_eid, // enclave_id + &retval, // 返回值 + key, // key + value_val // value值 + ); + if (res != CC_SUCCESS || retval != 0) { + std::cout << "Get KV failed!\n"; + return -1; + } + std::cout << key << ": " << value_val << std::endl; + return 0; +} + +int Delete(int key_val) +{ + // 发起ecall删除键值对 + res = Delete_KV(&global_eid, + &retval, + key_val); + if (res != CC_SUCCESS || retval != 0) { + std::cout << "Delete KV failed!\n"; + return -1; + } + return 0; +} + +int main() +{ + double set_during, get_during; + + int retval; + // 创建飞地 + if (CreateEnclave() != 0) { + std::cout << "Create enclave failed\n"; + return -1; + } + start = clock(); + for (int j = 0;j < TEST_ITEM_SIZE;j++) { + + char sv[VALUE_SIZE + 1] = {'\0'}; + for (int i = 0;i < VALUE_SIZE;i++) { + sv[i] = 'a' + rand()%26; + } + // 发起ecall 建立键值对映射信息 + // cout << sv << endl; + if (Set(j, sv) < 0) { + cout << j << endl; + break; + } + // Set(j, sv); + } + stop = clock(); + set_during = double(stop - start) /CLOCKS_PER_SEC; + + + start = clock(); + // 发起ecall 查询键值对信息 + for (int i = 0;i < TEST_ITEM_SIZE;i++) { + Get(i); + + } + stop = clock(); + get_during = double(stop- start) / CLOCKS_PER_SEC; + + + cout << "Set消耗时间: " << set_during << 's' << endl; + cout << "Get消耗时间: " << get_during << 's' << endl; + + // 发起ecall 删除键值对 + + return res; +} 
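Review bot: `Get()` prints `value_val` with `std::cout << value_val`, but the buffer is `new uint8_t[VALUE_SIZE]` — uninitialized and never NUL-terminated, and the enclave side writes at most VALUE_SIZE bytes into it — so the stream reads past the allocation; allocate `uint8_t *value_val = new uint8_t[VALUE_SIZE + 1]();` or print through `std::string(reinterpret_cast<char *>(value_val), VALUE_SIZE)`. Neither `Set()` nor `Get()` releases its `new uint8_t[VALUE_SIZE]`; `Set` must keep the block alive because the enclave only stores its address, so that ownership deserves a comment such as `// value buffer intentionally outlives the call: the enclave keeps val_addr`, while `Get`'s buffer should be `delete[]`ed or made a local array. `CreateEnclave` returns `res` (a `cc_enclave_result_t`) on its `realpath`/`getcwd` failure paths while `res` still holds the global initializer `CC_FAIL`, and its local `int retval` (like the one in `main`) shadows the global and is unused; return an explicit `-1` and drop the locals. The enclave is created with `SECGEAR_DEBUG_FLAG`; a comment marking this as benchmark-only would keep it from being copied into a production host.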
diff --git a/wallfacer2.0/secgear_kv/include/common.h b/wallfacer2.0/secgear_kv/include/common.h
new file mode 100644
index 00000000..d8a984db
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/include/common.h
@@ -0,0 +1,29 @@
+#ifndef COMMON_H
+#define COMMON_H
+
+#define VALUE_SIZE 128
+#define TEST_ITEM_SIZE 1000000
+using namespace std;
+
+// 键(存储在TEE中)
+typedef struct KEY {
+ int key_val; // 键
+ uint8_t *val_ptr; // 指针
+ size_t val_size; // value长度
+ size_t hash_value; // hash(这里可以选一种hash函数替换成HMAC)
+} KEY;
+
+// 值(加密存储在REE中)
+typedef struct VALUE {
+ uint8_t *value;
+ size_t val_len;
+} VALUE;
+
+// 键值对数据
+typedef struct KV {
+ int32_t key_val;
+ uint8_t value[VALUE_SIZE];
+ size_t value_len;
+} KV;
+
+#endif
\ No newline at end of file
diff --git a/wallfacer2.0/secgear_kv/kv.edl b/wallfacer2.0/secgear_kv/kv.edl
new file mode 100644
index 00000000..e1bddff3
--- /dev/null
+++ b/wallfacer2.0/secgear_kv/kv.edl
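Review bot: The header uses `uint8_t`, `int32_t` and `size_t` but includes nothing, so it compiles only when the includer has already pulled in `<cstdint>`/`<cstddef>`; add those two includes under the guard. `using namespace std;` at namespace scope in a header shared by the host and the enclave pollutes every translation unit on both sides and should go. The `KEY` comment says the `std::hash` value could be swapped for an HMAC; the comment should also say that `std::hash` is not collision-resistant and the field is therefore not a cryptographic integrity check, e.g. `// hash_value: std::hash only — not collision-resistant; replace with a keyed MAC before relying on it`.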
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ from "secgear_tssl.edl" import *;
+ from "secgear_pthread.edl" import*;
+ trusted {
+ public int get_string([out, size=32]char *buf);
+
+ public int Set_KV(int key_val, uint64_t val_addr, size_t val_len);
+
+ public int Get_KV(int key_val, [out, size=128]uint8_t *buf);
+
+ public int Delete_KV(int key_val);
+
+ // public int GenerateRSAKey([out, size=key_len]char* out_pri_key, [out, size=key_len]char* out_pub_key, size_t key_len);
+
+ // public int GenerateECCKey([out, size=key_len]char* out_pri_key,[out, size=key_len]char* out_pub_key, size_t key_len);
+
+ // public int AES_ECB_Encrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out);
+
+ // public int AES_ECB_Decrypt([out, size=16]uint8_t *user_key, [out, size=16]uint8_t *aes_in, [in, size=16]uint8_t *aes_out);
+ };
+ untrusted {
+ void print(uint64_t c);
+ };
+};
-- Gitee
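Review bot: `Set_KV` takes the value as a raw `uint64_t val_addr` plus `size_t val_len`, which bypasses the EDL marshalling entirely: the generated bridge cannot copy the bytes into enclave memory or check that the address lies outside the enclave, so the trusted side ends up dereferencing a host-chosen pointer with a host-chosen length. Declare it as `public int Set_KV(int key_val, [in, size=val_len] uint8_t *val, size_t val_len);` so the proxy performs the copy and the bound check, and have the enclave keep its own copy rather than the host address. `Get_KV`'s `[out, size=128]` hardcodes the value size separately from `VALUE_SIZE` in common.h, and `get_string`'s `size=32` likewise duplicates `BUF_MAX`; an `[out, size=buf_len] uint8_t *buf, size_t buf_len` pair, or a shared constant, keeps the EDL and the C++ from drifting apart.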