diff --git a/wallfacer 2.0/Docker/Dockerfile b/wallfacer 2.0/Docker/Dockerfile new file mode 100644 index 0000000000000000000000000000000000000000..f7ee1381f5755b8985e24ac78347431cec2f0b41 --- /dev/null +++ b/wallfacer 2.0/Docker/Dockerfile @@ -0,0 +1,164 @@ +# Copyright (C) 2020 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + + +FROM ubuntu:18.04 as builder + +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + build-essential \ + cmake \ + curl \ + debhelper \ + git \ + libcurl4-openssl-dev \ + libprotobuf-dev \ + libssl-dev \ + libtool \ + lsb-release \ + ocaml \ + ocamlbuild \ + protobuf-compiler \ + python3 \ + reprepro \ + wget +RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 + +# We assume this docker file is invoked with root at the top of linux-sgx repo, see shell scripts for example. +WORKDIR /linux-sgx +COPY . . + +# RUN make sdk_install_pkg_no_mitigation +RUN make preperation +WORKDIR /opt/intel +RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + +ENV SGX_SDK=/opt/intel/sgxsdk +WORKDIR /linux-sgx +RUN make psw_install_pkg + +ENV BUILD_PLATFORM="docker" +RUN make deb_local_repo + +FROM ubuntu:18.04 as aesm +RUN apt-get update && apt-get install -y \ + libcurl4 \ + libprotobuf10 \ + libssl1.1 \ + make \ + module-init-tools + +WORKDIR /installer +COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./ +RUN ./sgx_linux_x64_psw*.bin --no-start-aesm +WORKDIR /opt/intel/sgxpsw/aesm/ +ENV LD_LIBRARY_PATH=. +CMD ./aesm_service --no-daemon + +FROM ubuntu:18.04 as aesm_deb +RUN apt-get update && apt-get install -y \ + libcurl4 \ + libprotobuf10 \ + libssl1.1 \ + make \ + module-init-tools + +WORKDIR /deb_local_repo + +COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./ +RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list +RUN apt-get update +RUN apt-get install -y libsgx-aesm-launch-plugin libsgx-aesm-quote-ex-plugin + +WORKDIR /opt/intel/sgx-aesm-service/aesm/ +ENV LD_LIBRARY_PATH=. +CMD ./aesm_service --no-daemon + + +FROM ubuntu:18.04 as sample +RUN apt-get update && apt-get install -y \ + g++ \ + libcurl4-openssl-dev \ + libprotobuf-dev \ + libssl-dev \ + make \ + module-init-tools + +WORKDIR /opt/intel +COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./ +RUN ./sgx_linux_x64_psw*.bin --no-start-aesm +RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin' + +WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave +RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make + +RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser +USER sgxuser + +CMD ./app + + +FROM ubuntu:18.04 as sample_deb +RUN apt-get update && apt-get install -y \ + g++ \ + libcurl4-openssl-dev \ + libprotobuf-dev \ + libssl-dev \ + make \ + module-init-tools + +WORKDIR /deb_local_repo + +COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./ +RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list +RUN apt-get update +RUN apt-get install -y libsgx-urts + +WORKDIR /opt/intel +COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./ +RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin' + +#WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave +#RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make + +#RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser +#USER sgxuser + +# 安装secGear +WORKDIR /opt +RUN git clone https://gitee.com/jinghaikun2024/secGear + +# 编译运行 +WORKDIR /opt/secGear +RUN source /opt/intel/sgxsdk/environment && source environment +RUN mkdir debug && cd debug && cmake .. && make && sudo make install +RUN ./examples/helloworld/host/secgear_helloworld + +CMD ./app diff --git a/wallfacer 2.0/Docker/build_and_run.sh b/wallfacer 2.0/Docker/build_and_run.sh new file mode 100644 index 0000000000000000000000000000000000000000..641171e4560524669b57e9f3d95df6f6701cc56a --- /dev/null +++ b/wallfacer 2.0/Docker/build_and_run.sh @@ -0,0 +1,2 @@ +docker build -f ./Dockerfile -t wallfacer:2.0 +docker run --device=/dev/isgx -v aesmd-socket: var/run/aesmd -v /opt/intel:/opt/intel -it wallfacer:v2.0 \ No newline at end of file diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..bb0a41d62bce19085b9e5a3606e843a2b4afbc07 --- /dev/null +++ b/wallfacer 2.0/nested/CMakeLists.txt @@ -0,0 +1,38 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +project(Nested CXX) + +set(CMAKE_CXX_STANDARD 11) + +set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + +#set edl name +set(EDL_FILE nested.edl) +set(CODEGEN codegen) + +if(CC_GP) + set(CODETYPE trustzone) + set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0) + add_definitions(-DPATH="/data/${UUID}.sec") +endif() + +if(CC_SGX) + set(CODETYPE sgx) + add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") +endif() + +if(CC_PL) + set(CODETYPE penglai) + add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF") +endif() + +add_subdirectory(${CURRENT_ROOT_PATH}/enclave) +add_subdirectory(${CURRENT_ROOT_PATH}/host) diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..d4e0e9878245317694c0bea14e39fa9dd3db0907 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/CMakeLists.txt @@ -0,0 +1,219 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX nested) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) +endif() + +if(CC_PL) + set(OUTPUT penglai-ELF) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + foreach(WHITE_LIST ${WHITELIST}) + add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${LINK_LIBRARY_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH}) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml new file mode 100644 index 0000000000000000000000000000000000000000..e94c9bc50a61ebb552322ca5975510ac4b806c79 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds new file mode 100644 index 0000000000000000000000000000000000000000..ab77e6478ef3c3448356e80b9884a8a533dd32c6 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini new file mode 100644 index 0000000000000000000000000000000000000000..8c70225ecd3f2e7de449e89cbe338b81e1f06db9 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/config_cloud.ini @@ -0,0 +1,60 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA: +;[fixed value] +;256 ECDSA Alg +;2048/4096 RSA Alg +secSignKeyLen = 4096 +;;; +;[fixed value] +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; [fixed value] +;0 means padding type is pkcs1v15 +;1 means padding type is PSS +;[fixed value] +secPaddingType = 1 +;;; +;[fixed value] +;RSA alg +;ECDSA alg +;SM2 alg +secSignAlg = RSA +;;; +;public key for encrypt TA +secEncryptKey = rsa_public_key_cloud.pem +;;; +;public key length +secEncryptKeyLen = 3072 + +[signSecPublicCfg] +;;; +;[fixed value] +; sec sign key type +;0 means debug +;1 means release +secReleaseType = 1 +;;; +;0 means TA not installed by OTRP +;1 means TA installed by OTRP +secOtrpFlag = 0 +;;; +;0 means not sign +;1 means signed by local private +;2 means signed using native sign tool; +;3 means signed by CI +;[fixed value] +secSignType = 1 +;;; +;server address for signing TA +secSignServerIp = +;;; +;private key for signing TA +;[private key owned by yourself] +secSignKey = /home/TA_cert/private_key.pem +;;; +;config file +;[signed config file by Huawei] +configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt new file mode 100644 index 0000000000000000000000000000000000000000..d78354e6c0e101a126d65a116c4e98765f852db7 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 +gpd.ta.service_name: rsa-demo +gpd.ta.singleInstance: true +gpd.ta.multiSession: false +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 819200 +gpd.ta.stackSize: 40960 diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp new file mode 100644 index 0000000000000000000000000000000000000000..89ba0cba5aafe0a56e03df1de72eaae6dfe4c4e4 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/nested.cpp @@ -0,0 +1,243 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include "nested_t.h" + +#define TA_HELLO_WORLD "secgear hello world!" +#define BUF_MAX 32 + + +#define ADD 1 +#define SUB 2 +#define MUL 3 +#define DIV 4 +#define EXP 5 +#define SEND 6 +#define RECIEVE 7 + +//内部飞地定义 +class subEnclave { + private: + int subEnlaveID; + int tag; + double result; + double rev; + public: + subEnclave(); + int setID(int); + int setTag(int); + double add(double, double); + double sub(double, double); + double mul(double, double); + double div(double, double); + double exp(double); + int get_tag(); + int get_id(); + friend int send(subEnclave &, subEnclave &); + friend int recieve(subEnclave &, subEnclave &); + ~subEnclave(); +}; + +subEnclave::subEnclave() { + subEnlaveID = 0; + tag = 0; + result = 0; + rev = 0; + //cout << "create subenclave success" << endl; + +} + +subEnclave vec[100]; + +int subEnclave::setID(int ID) { + this->subEnlaveID = ID; + return 0; +} + +int subEnclave::setTag(int tag) { + this->tag = tag; + return 0; +} + +double subEnclave::add(double a = 20, double b = 10) { + result = a + b; + return result; +} + +double subEnclave::sub(double a = 20, double b = 10) { + result = a - b; + return result; +} + +double subEnclave::mul(double a = 20, double b = 10) { + result = a * b; + return result; +} + +double subEnclave::div(double a = 20, double b = 10) { + result = a / b; + return result; +} + +double subEnclave::exp(double x = 7) { + result = x * x + 2 * x + 1; + return result; +} + +int subEnclave::get_tag() { + return tag; +} + +int subEnclave::get_id() { + return subEnlaveID; +} + +int send(subEnclave &a, subEnclave &b) { + b.rev = a.result; + return 0; +} + +int recieve(subEnclave &a, subEnclave &b) { + a.rev = b.result; + return 0; +} + +subEnclave::~subEnclave() { + //cout << "destroy subenclave success" << endl; + print_destroy(); +} + +////////////////////////////////////////////// + + +//std::vector vec; + + + +// create +int createSubEnclave(int id) +{ + + vec[id].setID(id); + print_create(); + //vec.push_back(se[i]); + return 0; +} + +// destroy +int destroySubEnclave() +{ + print_destroy(); + //vec.push_back(se[i]); + return 0; +} + +/* +int isExist(int ID,int num) +{ + int sub = -1; + + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub = i; + break; + } + } + + for (int i = 0; i < num; i++) { + if (ID == vec[i].get_id()) { + sub = i; + break; + } + } +} +*/ + +//飞地内计算(ecall) +int compute(int tag, int size, int sub, double* result) { + int ID[2]; + int sub1; + vec[sub].setTag(tag); + if (tag == ADD) { + // cout << "result:" << arr[sub].add() << endl; + print_res(vec[sub].add()); + result[0] = vec[sub].add(); + } else if (tag == SUB) { + //cout << "result:" << arr[sub].sub() << endl; + print_res(vec[sub].sub()); + result[0] = vec[sub].sub(); + } else if (tag == MUL) { + //cout << "result:" << arr[sub].mul() << endl; + print_res(vec[sub].mul()); + result[0] = vec[sub].mul(); + } else if (tag == DIV) { + //cout << "result:" << arr[sub].div() << endl; + print_res(vec[sub].div()); + result[0] = vec[sub].div(); + } else if (tag == EXP) { + //cout << "result:" << arr[sub].exp() << endl; + print_res(vec[sub].exp()); + result[0] = vec[sub].exp(); + } else if (tag == SEND) { + //cout << "Please enter the subEnclaveID of the recipient:"; + print_send_hit(); + while (1) { + sub1 = -1; + getid(ID); + for (int i = 0; i < size; i++) { + if (ID[0] == vec[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + //cout << "The subEnclaveID was not found,please re-enter:"; + print_reenter_hit(); + continue; + } else + break; + } + send(vec[sub], vec[sub1]); + //cout << "Send Success!" << endl; + print_send(); + } else if (tag == RECIEVE) { + //cout << "Please enter the subEnclaveID of the Sender:"; + print_recieve_hit(); + while (1) { + sub1 = -1; + //cin >> ID; + getid(ID); + for (int i = 0; i < size; i++) { + if (ID[0] == vec[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + //cout << "The subEnclaveID was not found,please re-enter:"; + print_reenter_hit(); + continue; + } else + break; + } + recieve(vec[sub], vec[sub1]); + //cout << "Recieve Success!" << endl; + print_recieve(); + } else { + print_error(); + } + return 0; +} + diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp new file mode 100644 index 0000000000000000000000000000000000000000..352d58bc848628771aafac699dbabd8324442331 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/test.cpp @@ -0,0 +1,247 @@ +#include +#include +using namespace std; + + +#define ADD 1 +#define SUB 2 +#define MUL 3 +#define DIV 4 +#define EXP 5 +#define SEND 6 +#define RECIEVE 7 + +//内部飞地定义 +class subEnclave { + private: + int subEnlaveID; + int tag; + double result; + double rev; + public: + subEnclave(); + int setID(int); + int setTag(int); + double add(double, double); + double sub(double, double); + double mul(double, double); + double div(double, double); + double exp(double); + int get_tag(); + int get_id(); + friend int send(subEnclave &, subEnclave &); + friend int recieve(subEnclave &, subEnclave &); + ~subEnclave(); +}; + +subEnclave::subEnclave() { + subEnlaveID = 0; + tag = 0; + result = 0; + rev = 0; + cout << "create subenclave success" << endl; +} + +int subEnclave::setID(int ID) { + + this->subEnlaveID = ID; + return 0; +} + +int subEnclave::setTag(int tag) { + this->tag = tag; + return 0; +} + +double subEnclave::add(double a = 20, double b = 10) { + result = a + b; + return result; +} + +double subEnclave::sub(double a = 20, double b = 10) { + result = a - b; + return result; +} + +double subEnclave::mul(double a = 20, double b = 10) { + result = a * b; + return result; +} + +double subEnclave::div(double a = 20, double b = 10) { + result = a / b; + return result; +} + +double subEnclave::exp(double x = 7) { + result = x * x + 2 * x + 1; + return result; +} + +int subEnclave::get_tag() { + return tag; +} + +int subEnclave::get_id() { + return subEnlaveID; +} + +int send(subEnclave &a, subEnclave &b) { + b.rev = a.result; + return 0; +} + +int recieve(subEnclave &a, subEnclave &b) { + a.rev = b.result; + return 0; +} + +subEnclave::~subEnclave() { + cout << "destroy subenclave success" << endl; +} + +bool Check_duplicates(int *arr, int num); +int compute(int tag, subEnclave *arr, int size, int sub); +int Set_subEnclaveID(subEnclave *arr, int size); +int Use_subEnclave(subEnclave *arr, int size); + +//判断重复ID +bool Check_duplicates(int *arr, int num) { + sort(arr, arr + num); + for (int i = 0; i < num - 1; i++) { + if (arr[i] == arr[i + 1]) + return true; + } + return false; +} + +//飞地内计算 +int compute(int tag, subEnclave *arr, int size, int sub) { + int ID; + int sub1; + arr[sub].setTag(tag); + if (tag == ADD) { + cout << "result:" << arr[sub].add() << endl; + } else if (tag == SUB) { + cout << "result:" << arr[sub].sub() << endl; + } else if (tag == MUL) { + cout << "result:" << arr[sub].mul() << endl; + } else if (tag == DIV) { + cout << "result:" << arr[sub].div() << endl; + } else if (tag == EXP) { + cout << "result:" << arr[sub].exp() << endl; + } else if (tag == SEND) { + cout << "Please enter the subEnclaveID of the recipient:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + send(arr[sub], arr[sub1]); + cout << "Send Success!" << endl; + } else if (tag == RECIEVE) { + cout << "Please enter the subEnclaveID of the Sender:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + recieve(arr[sub], arr[sub1]); + cout << "Recieve Success!" << endl; + } else { + cout << "error" << endl; + } + return 0; +} + +//设置内部飞地ID +int Set_subEnclaveID(subEnclave *arr, int size) { + int ID; + int check_id[size]; + while (1) { + cout << "Please enter the subEnclaveID in turn:" << endl; + for (int i = 0; i < size; i++) { + cin >> ID; + check_id[i] = ID; + } + if (Check_duplicates(check_id, size) == true) { + cout << "Duplicate IDs were found,please re-enter!" << endl << endl; + continue; + } else + break; + } + for (int i = 0; i < size; i++) { + arr[i].setID(check_id[i]); + } + return 0; +} + +//使用内部飞地 +int Use_subEnclave(subEnclave *arr, int size) { + int sub, ID, op; + while (1) { + sub = -1; + cout << "Please enter the subEnclaveID you want to operate: "; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub = i; + break; + } + } + if (sub == -1) { + cout << "The subEnclaveID was not found,please re-enter!" << endl; + continue; + } + + cout << "Please enter the function you want:" << endl; + cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl; + cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl; + + cin >> op; + + if (op == 8) + continue; + if (op == 9) + break; + + compute(op, arr, size, sub); + } + return 0; +} + +int main() { + + //创建内部飞地 + int num; + cout << "Please enter the number of subEnclaves: "; + cin >> num; + subEnclave List[num]; + + //设置内部飞地ID + Set_subEnclaveID(List, num); + + //使用内部飞地 + Use_subEnclave(List, num); + return 0; +} \ No newline at end of file diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt new file mode 100644 index 0000000000000000000000000000000000000000..b2621947bbe86770b9ea992c93f3cce4b94ed54a --- /dev/null +++ b/wallfacer 2.0/nested/host/CMakeLists.txt @@ -0,0 +1,119 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX nested) +#set host exec name +set(OUTPUT secgear_nested) +#set host src code +set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) + +#set auto code +if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) +endif() + +if(CC_PL) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") +set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + +if(CC_GP) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_PL) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/penglai + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim pthread) +else() + target_link_libraries(${OUTPUT} secgear pthread) +endif() +set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + +if(CC_GP) + #itrustee install whitelist /vender/bin/teec_hello + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_PL) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp new file mode 100644 index 0000000000000000000000000000000000000000..6eea03c46daccc718e0b35641e1edcf01a145ca3 --- /dev/null +++ b/wallfacer 2.0/nested/host/main.cpp @@ -0,0 +1,170 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include +#include "enclave.h" +#include "nested_u.h" +#include "string.h" +using namespace std; + +#define BUF_LEN 32 + +void print_res(double result_) +{ + cout << result_ << endl; +} + +void print_error() +{ + cout << "error" << endl; +} + +void print_create() +{ + cout << "create subenclave success" << endl; +} + +void print_destroy() +{ + cout << "destroy subenclave success" << endl; +} + +void getid(int* id) +{ + cin >> id[0]; +} + + +void print_send() +{ + cout << "Send Success!" << endl; +} + +void print_recieve() +{ + cout << "Recieve Success!" << endl; +} + +void print_send_hit() +{ + cout << "Please enter the subEnclaveID of the recipient:"; +} + +void print_recieve_hit() +{ + cout << "Please enter the subEnclaveID of the Sender:"; +} + +void print_reenter_hit() +{ + cout << "The subEnclaveID was not found,please re-enter:"; +} + +int main() +{ + int retval = 0; + char *path = PATH; + char buf[BUF_LEN]; + cc_enclave_t context = {}; + cc_enclave_result_t res = CC_FAIL; + + char real_p[PATH_MAX]; + /* check file exists, if not exist then use absolute path */ + if (realpath(path, real_p) == NULL) { + if (getcwd(real_p, sizeof(real_p)) == NULL) { + printf("Cannot find enclave.sign.so"); + goto end; + } + if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { + printf("Failed to strcat enclave.sign.so path"); + goto end; + } + (void)strcat(real_p, "/enclave.signed.so"); + } + + res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); + if (res != CC_SUCCESS) { + printf("host create enclave error\n"); + goto end; + } + printf("host create enclave success\n"); + + /* + res = get_string(&context, &retval, buf); + if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { + printf("Ecall enclave error\n"); + } else { + printf("enclave say:%s\n", buf); + } + */ + + int num; + cout << "Please enter the number of subEnclaves: "; + cin >> num; + double result_[2]; + //cin >> ID; + + //res = compute(); + //cout << result_[0]; + for (int i = 0;i < num;i++) { + res = createSubEnclave(&context, &retval, i); + } + + int sub, ID, op; + while (1) { + sub = -1; + cout << "Please enter the subEnclaveID you want to operate: "; + cin >> ID; + //判断存在 + for (int i = 0; i < num; i++) { + if (ID == i) { + sub = i; + break; + } + } + if (sub == -1) { + cout << "The subEnclaveID was not found,please re-enter!" << endl; + continue; + } + + cout << "Please enter the function you want:" << endl; + cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl; + cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl; + + cin >> op; + + if (op == 8) + continue; + if (op == 9) + break; + + res = compute(&context, &retval,op, num, sub, result_); + } + + for (int i = 0;i < num;i++) { + res = destroySubEnclave(&context, &retval); + } + + + + res = cc_enclave_destroy(&context); + if(res != CC_SUCCESS) { + printf("host destroy enclave error\n"); + } else { + printf("host destroy enclave success\n"); + } +end: + return res; +} diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl new file mode 100644 index 0000000000000000000000000000000000000000..7dc9df48cafe00f78a9187481bf6c7fb0a598941 --- /dev/null +++ b/wallfacer 2.0/nested/nested.edl @@ -0,0 +1,37 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +enclave { + include "secgear_urts.h" + from "secgear_tstdc.edl" import *; + trusted { + public int compute(int tag, int size, int sub, [out, size=32]double* _result); + + public int isExist(int ID, int num); + + public int createSubEnclave(int num); + + public int destroySubEnclave(); + }; + untrusted { + void print_res(double res); + void print_error(); + void print_create(); + void print_destroy(); + void getid([in,out,size = 32]int* id); + void print_send(); + void print_recieve(); + void print_send_hit(); + void print_recieve_hit(); + void print_reenter_hit(); + }; +};