From 9ce463dbea9b5df01a75e59c8126b57e17643ee6 Mon Sep 17 00:00:00 2001 From: LinJT <2369045900@qq.com> Date: Fri, 15 Mar 2024 22:15:23 +0800 Subject: [PATCH 1/3] nested enclave --- wallfacer 2.0/Docker/Dockerfile | 164 ++++++++++++ wallfacer 2.0/Docker/build_and_run.sh | 2 + wallfacer 2.0/nested/CMakeLists.txt | 38 +++ wallfacer 2.0/nested/enclave/CMakeLists.txt | 219 ++++++++++++++++ .../nested/enclave/Enclave.config.xml | 12 + wallfacer 2.0/nested/enclave/Enclave.lds | 11 + wallfacer 2.0/nested/enclave/config_cloud.ini | 60 +++++ wallfacer 2.0/nested/enclave/manifest.txt | 7 + wallfacer 2.0/nested/enclave/nested.cpp | 236 +++++++++++++++++ wallfacer 2.0/nested/enclave/test.cpp | 247 ++++++++++++++++++ wallfacer 2.0/nested/host/CMakeLists.txt | 119 +++++++++ wallfacer 2.0/nested/host/main.cpp | 138 ++++++++++ wallfacer 2.0/nested/nested.edl | 31 +++ 13 files changed, 1284 insertions(+) create mode 100644 wallfacer 2.0/Docker/Dockerfile create mode 100644 wallfacer 2.0/Docker/build_and_run.sh create mode 100644 wallfacer 2.0/nested/CMakeLists.txt create mode 100644 wallfacer 2.0/nested/enclave/CMakeLists.txt create mode 100644 wallfacer 2.0/nested/enclave/Enclave.config.xml create mode 100644 wallfacer 2.0/nested/enclave/Enclave.lds create mode 100644 wallfacer 2.0/nested/enclave/config_cloud.ini create mode 100644 wallfacer 2.0/nested/enclave/manifest.txt create mode 100644 wallfacer 2.0/nested/enclave/nested.cpp create mode 100644 wallfacer 2.0/nested/enclave/test.cpp create mode 100644 wallfacer 2.0/nested/host/CMakeLists.txt create mode 100644 wallfacer 2.0/nested/host/main.cpp create mode 100644 wallfacer 2.0/nested/nested.edl diff --git a/wallfacer 2.0/Docker/Dockerfile b/wallfacer 2.0/Docker/Dockerfile new file mode 100644 index 00000000..f7ee1381 --- /dev/null +++ b/wallfacer 2.0/Docker/Dockerfile 
@@ -0,0 +1,164 @@ +# Copyright (C) 2020 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+# + + +FROM ubuntu:18.04 as builder + +RUN apt-get update && apt-get install -y \ + autoconf \ + automake \ + build-essential \ + cmake \ + curl \ + debhelper \ + git \ + libcurl4-openssl-dev \ + libprotobuf-dev \ + libssl-dev \ + libtool \ + lsb-release \ + ocaml \ + ocamlbuild \ + protobuf-compiler \ + python3 \ + reprepro \ + wget +RUN update-alternatives --install /usr/bin/python python /usr/bin/python3 1 + +# We assume this docker file is invoked with root at the top of linux-sgx repo, see shell scripts for example. +WORKDIR /linux-sgx +COPY . . + +# RUN make sdk_install_pkg_no_mitigation +RUN make preperation +WORKDIR /opt/intel +RUN sh -c 'echo yes | /linux-sgx/linux/installer/bin/sgx_linux_x64_sdk_*.bin' + +ENV SGX_SDK=/opt/intel/sgxsdk +WORKDIR /linux-sgx +RUN make psw_install_pkg + +ENV BUILD_PLATFORM="docker" +RUN make deb_local_repo + +FROM ubuntu:18.04 as aesm +RUN apt-get update && apt-get install -y \ + libcurl4 \ + libprotobuf10 \ + libssl1.1 \ + make \ + module-init-tools + +WORKDIR /installer +COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./ +RUN ./sgx_linux_x64_psw*.bin --no-start-aesm +WORKDIR /opt/intel/sgxpsw/aesm/ +ENV LD_LIBRARY_PATH=. +CMD ./aesm_service --no-daemon + +FROM ubuntu:18.04 as aesm_deb +RUN apt-get update && apt-get install -y \ + libcurl4 \ + libprotobuf10 \ + libssl1.1 \ + make \ + module-init-tools + +WORKDIR /deb_local_repo + +COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./ +RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list +RUN apt-get update +RUN apt-get install -y libsgx-aesm-launch-plugin libsgx-aesm-quote-ex-plugin + +WORKDIR /opt/intel/sgx-aesm-service/aesm/ +ENV LD_LIBRARY_PATH=. 
+CMD ./aesm_service --no-daemon + + +FROM ubuntu:18.04 as sample +RUN apt-get update && apt-get install -y \ + g++ \ + libcurl4-openssl-dev \ + libprotobuf-dev \ + libssl-dev \ + make \ + module-init-tools + +WORKDIR /opt/intel +COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./ +RUN ./sgx_linux_x64_psw*.bin --no-start-aesm +RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin' + +WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave +RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make + +RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser +USER sgxuser + +CMD ./app + + +FROM ubuntu:18.04 as sample_deb +RUN apt-get update && apt-get install -y \ + g++ \ + libcurl4-openssl-dev \ + libprotobuf-dev \ + libssl-dev \ + make \ + module-init-tools + +WORKDIR /deb_local_repo + +COPY --from=builder /linux-sgx/linux/installer/deb/sgx_debian_local_repo/ ./ +RUN echo "deb [trusted=yes arch=amd64] file:///deb_local_repo bionic main">>/etc/apt/sources.list +RUN apt-get update +RUN apt-get install -y libsgx-urts + +WORKDIR /opt/intel +COPY --from=builder /linux-sgx/linux/installer/bin/*.bin ./ +RUN sh -c 'echo yes | ./sgx_linux_x64_sdk_*.bin' + +#WORKDIR /opt/intel/sgxsdk/SampleCode/SampleEnclave +#RUN SGX_DEBUG=0 SGX_MODE=HW SGX_PRERELEASE=1 make + +#RUN adduser -q --disabled-password --gecos "" --no-create-home sgxuser +#USER sgxuser + +# 安装secGear +WORKDIR /opt +RUN git clone https://gitee.com/jinghaikun2024/secGear + +# 编译运行 +WORKDIR /opt/secGear +RUN source /opt/intel/sgxsdk/environment && source environment +RUN mkdir debug && cd debug && cmake .. && make && sudo make install +RUN ./examples/helloworld/host/secgear_helloworld + +CMD ./app diff --git a/wallfacer 2.0/Docker/build_and_run.sh b/wallfacer 2.0/Docker/build_and_run.sh new file mode 100644 index 00000000..641171e4 --- /dev/null +++ b/wallfacer 2.0/Docker/build_and_run.sh 
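Review bot: The secGear build steps at the end of the `sample_deb` stage cannot run as written: `RUN source /opt/intel/sgxsdk/environment && source environment` executes under the default `/bin/sh -c`, which has no `source` builtin, and even where it works, variables exported in one `RUN` do not survive into the next layer, so the following `cmake .. && make` runs without `SGX_SDK` set. That next line also calls `sudo`, which this stage's `apt-get install` never installs (the stage is already root), and `RUN ./examples/helloworld/host/secgear_helloworld` launches an enclave at image-build time, when `/dev/isgx` is not available. Folding the environment into the build step, e.g. `RUN mkdir debug && cd debug && . /opt/intel/sgxsdk/environment && . ../environment && cmake .. && make && make install`, and dropping the build-time run would fix this. Separately, `git clone https://gitee.com/jinghaikun2024/secGear` pins no commit or tag, so the trusted code base of the image changes silently between builds, the `adduser sgxuser`/`USER sgxuser` lines are commented out in this stage so the final `CMD` runs as root, and `CMD ./app` names a binary this stage never builds in `/opt/secGear`.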
@@ -0,0 +1,2 @@
+docker build -f ./Dockerfile -t wallfacer:2.0
+docker run --device=/dev/isgx -v aesmd-socket: var/run/aesmd -v /opt/intel:/opt/intel -it wallfacer:v2.0
\ No newline at end of file
diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt
new file mode 100644
index 00000000..bb0a41d6
--- /dev/null
+++ b/wallfacer 2.0/nested/CMakeLists.txt
@@ -0,0 +1,38 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(Nested CXX)
+
+set(CMAKE_CXX_STANDARD 11)
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE nested.edl)
+set(CODEGEN codegen)
+
+if(CC_GP)
+ set(CODETYPE trustzone)
+ set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+ add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if(CC_SGX)
+ set(CODETYPE sgx)
+ add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+if(CC_PL)
+ set(CODETYPE penglai)
+ add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt
new file mode 100644
index 00000000..d4e0e987
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/CMakeLists.txt
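Review bot: `docker build -f ./Dockerfile -t wallfacer:2.0` has no build-context argument, so the build fails before the run line is reached; the run line then references `wallfacer:v2.0`, which does not match the tag that would have been built, and `-v aesmd-socket: var/run/aesmd` has a space after the colon, so the AESM socket volume does not land at `/var/run/aesmd` where the PSW looks for it. Suggested: `docker build -f ./Dockerfile -t wallfacer:2.0 .` and `docker run --device=/dev/isgx -v aesmd-socket:/var/run/aesmd -v /opt/intel:/opt/intel -it wallfacer:2.0`. A `#!/bin/sh` line with `set -e` at the top would also keep the container from being started after a failed build.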
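Review bot: `project(Nested CXX)` enables only the C++ language, but both the enclave and host subdirectories compile the generated `nested_t.c`/`nested_u.c` bridge files and the enclave CMakeLists puts its hardening flags into `CMAKE_C_FLAGS`; with C not enabled, CMake has no compiler or flags to apply to those `.c` sources. Declaring both languages, `project(Nested C CXX)`, keeps the generated bridge code building and lets the C flags reach it. The UUID `f68fd704-6eb1-4d14-b218-722850eb3ef0` here and in enclave/manifest.txt appears to be the one used by secGear's helloworld example; two TAs installed with the same appID on one device would collide, so a freshly generated UUID is safer for the GP build.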
@@ -0,0 +1,219 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX nested) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) +endif() + +if(CC_PL) + set(OUTPUT penglai-ELF) 
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + foreach(WHITE_LIST ${WHITELIST}) + 
add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${LINK_LIBRARY_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + 
target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH}) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai 
-I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml new file mode 100644 index 00000000..e94c9bc5 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds new file mode 100644 index 00000000..ab77e647 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini new file mode 100644 index 00000000..8c70225e --- /dev/null +++ b/wallfacer 2.0/nested/enclave/config_cloud.ini 
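Review bot: The SGX post-build step `COMMAND umask 0177` followed by `COMMAND openssl genrsa -3 -out ${PEM} 3072` does not protect the key with the Makefile generator, where each `COMMAND` runs in its own shell, so the umask is gone by the time `Enclave_private.pem` is written; and generating a new signing key on every build means MRSIGNER changes every build, which breaks anything keyed on signer identity (sealed data, launch policy) — acceptable for a sample, but it should be stated as such. Combining them, `COMMAND sh -c "umask 0177 && openssl genrsa -3 -out ${PEM} 3072"`, or taking the key path from a cache variable and generating only when absent, addresses both. The hardening flags in `COMMON_C_FLAGS` (`-fstack-protector`, `-nostdinc`, and the SGX branch's `-fvisibility=hidden`) are placed in `CMAKE_C_FLAGS`, but the only source file is `nested.cpp`, which CMake compiles with `CMAKE_CXX_FLAGS`, so the enclave code is built without them; mirror them into `CMAKE_CXX_FLAGS` (with `-nostdinc++` for the C++ headers) or add them as target compile options. For the GP path, `WHITE_LIST_1` is `/vendor/bin/secgear_helloworld` while the host binary this example builds is `secgear_nested` (host/CMakeLists.txt), so the TA whitelist would not admit the example's own host.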
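Review bot: The element names of this config have been stripped in this view, so reading the values positionally against the usual SGX SDK layout: if the seventh value `0` is `DisableDebug`, this builds a debug-mode enclave, whose memory can be read with the SGX debugger, so nothing secret should be provisioned into it. That is fine for development, but a release build needs `DisableDebug` set to `1` together with the matching release signing flow in enclave/CMakeLists.txt. A one-line XML comment naming the intended mode, e.g. `<!-- debug-mode enclave: development only, not for provisioning secrets -->`, would keep this from being shipped unchanged.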
@@ -0,0 +1,60 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA: +;[fixed value] +;256 ECDSA Alg +;2048/4096 RSA Alg +secSignKeyLen = 4096 +;;; +;[fixed value] +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; [fixed value] +;0 means padding type is pkcs1v15 +;1 means padding type is PSS +;[fixed value] +secPaddingType = 1 +;;; +;[fixed value] +;RSA alg +;ECDSA alg +;SM2 alg +secSignAlg = RSA +;;; +;public key for encrypt TA +secEncryptKey = rsa_public_key_cloud.pem +;;; +;public key length +secEncryptKeyLen = 3072 + +[signSecPublicCfg] +;;; +;[fixed value] +; sec sign key type +;0 means debug +;1 means release +secReleaseType = 1 +;;; +;0 means TA not installed by OTRP +;1 means TA installed by OTRP +secOtrpFlag = 0 +;;; +;0 means not sign +;1 means signed by local private +;2 means signed using native sign tool; +;3 means signed by CI +;[fixed value] +secSignType = 1 +;;; +;server address for signing TA +secSignServerIp = +;;; +;private key for signing TA +;[private key owned by yourself] +secSignKey = /home/TA_cert/private_key.pem +;;; +;config file +;[signed config file by Huawei] +configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt new file mode 100644 index 00000000..d78354e6 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 +gpd.ta.service_name: rsa-demo +gpd.ta.singleInstance: true +gpd.ta.multiSession: false +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 819200 +gpd.ta.stackSize: 40960 diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp new file mode 100644 index 00000000..b684a54a --- /dev/null +++ b/wallfacer 2.0/nested/enclave/nested.cpp 
@@ -0,0 +1,236 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include "nested_t.h" + +#define TA_HELLO_WORLD "secgear hello world!" +#define BUF_MAX 32 + + +#define ADD 1 +#define SUB 2 +#define MUL 3 +#define DIV 4 +#define EXP 5 +#define SEND 6 +#define RECIEVE 7 + +//内部飞地定义 +class subEnclave { + private: + int subEnlaveID; + int tag; + double result; + double rev; + public: + subEnclave(); + int setID(int); + int setTag(int); + double add(double, double); + double sub(double, double); + double mul(double, double); + double div(double, double); + double exp(double); + int get_tag(); + int get_id(); + //friend int send(subEnclave &, subEnclave &); + //friend int recieve(subEnclave &, subEnclave &); + ~subEnclave(); +}; + +subEnclave::subEnclave() { + subEnlaveID = 0; + tag = 0; + result = 0; + rev = 0; + //cout << "create subenclave success" << endl; + +} +subEnclave vec[100]; +int subEnclave::setID(int ID) { + this->subEnlaveID = ID; + return 0; +} + +int subEnclave::setTag(int tag) { + this->tag = tag; + return 0; +} + +double subEnclave::add(double a = 20, double b = 10) { + result = a + b; + return result; +} + +double subEnclave::sub(double a = 20, double b = 10) { + result = a - b; + return result; +} + +double subEnclave::mul(double a = 20, double b = 10) { + result = a * b; + return result; +} + +double subEnclave::div(double a = 20, double b = 10) { + result = a / b; + return result; +} + +double 
subEnclave::exp(double x = 7) { + result = x * x + 2 * x + 1; + return result; +} + +int subEnclave::get_tag() { + return tag; +} + +int subEnclave::get_id() { + return subEnlaveID; +} +/* +int send(subEnclave &a, subEnclave &b) { + b.rev = a.result; + return 0; +} + +int recieve(subEnclave &a, subEnclave &b) { + a.rev = b.result; + return 0; +}*/ + +subEnclave::~subEnclave() { + //cout << "destroy subenclave success" << endl; + print_destroy(); +} + +////////////////////////////////////////////// + + +//std::vector vec; + + + +// create +int createSubEnclave(int id) +{ + + vec[id].setID(id); + print_create(); + //vec.push_back(se[i]); + +} + +// create +int destroySubEnclave() +{ + print_create(); + //vec.push_back(se[i]); + +} + +int isExist(int ID,int num) +{ + int sub = -1; + /* + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub = i; + break; + } + } + */ + for (int i = 0; i < num; i++) { + if (ID == vec[i].get_id()) { + sub = i; + break; + } + } +} + +//飞地内计算(ecall) +int compute(int tag, int size, int sub, double* result) { + //int ID; + //int sub1; + vec[sub].setTag(tag); + if (tag == ADD) { + // cout << "result:" << arr[sub].add() << endl; + print_res(vec[sub].add()); + result[0] = vec[sub].add(); + } else if (tag == SUB) { + //cout << "result:" << arr[sub].sub() << endl; + print_res(vec[sub].sub()); + result[0] = vec[sub].sub(); + } else if (tag == MUL) { + //cout << "result:" << arr[sub].mul() << endl; + print_res(vec[sub].mul()); + result[0] = vec[sub].mul(); + } else if (tag == DIV) { + //cout << "result:" << arr[sub].div() << endl; + print_res(vec[sub].div()); + result[0] = vec[sub].div(); + } else if (tag == EXP) { + //cout << "result:" << arr[sub].exp() << endl; + print_res(vec[sub].exp()); + result[0] = vec[sub].exp(); + } + /* + else if (tag == SEND) { + cout << "Please enter the subEnclaveID of the recipient:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; 
+ break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + send(arr[sub], arr[sub1]); + cout << "Send Success!" << endl; + } else if (tag == RECIEVE) { + cout << "Please enter the subEnclaveID of the Sender:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + recieve(arr[sub], arr[sub1]); + cout << "Recieve Success!" << endl; + } + */ + else { + print_error(); + } + return 0; +} + diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp new file mode 100644 index 00000000..352d58bc --- /dev/null +++ b/wallfacer 2.0/nested/enclave/test.cpp 
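Review bot: `createSubEnclave(int id)` writes `vec[id]` and `compute()` reads and writes `vec[sub]` using indexes that arrive from the untrusted host through what the comment marks as ecalls, with no check against the 100-element `vec`; a negative or large value corrupts enclave memory or reads outside the array, which is exactly the boundary the enclave exists to defend. `createSubEnclave` and `destroySubEnclave` are declared `int` but return nothing, and `isExist` computes `sub` and then drops it, so callers receive indeterminate values. The rewrite below bounds-checks the index in one helper, clamps `isExist`'s host-supplied `num`, and returns a status from each; the `size` parameter of `compute` remains unused, and whether `result` may be dereferenced as-is depends on its attribute in nested.edl, which is outside this hunk. The tag dispatch body of `compute` is unchanged.

```cpp
// Number of subEnclave slots; every index that arrives from the host is checked against it.
static const int SUB_ENCLAVE_MAX = 100;
subEnclave vec[SUB_ENCLAVE_MAX];

// True only for indexes inside vec[]; host-supplied values are untrusted.
static bool valid_index(int i) {
    return i >= 0 && i < SUB_ENCLAVE_MAX;
}

// create
int createSubEnclave(int id)
{
    if (!valid_index(id)) {
        print_error();
        return -1;
    }
    vec[id].setID(id);
    print_create();
    return 0;
}

// … unchanged: destroySubEnclave (add `return 0;`) …

int isExist(int ID, int num)
{
    if (num > SUB_ENCLAVE_MAX) {
        num = SUB_ENCLAVE_MAX;
    }
    for (int i = 0; i < num; i++) {
        if (ID == vec[i].get_id()) {
            return i;
        }
    }
    return -1;
}

//飞地内计算(ecall)
int compute(int tag, int size, int sub, double* result) {
    (void)size;
    if (!valid_index(sub) || !result) {
        print_error();
        return -1;
    }
    vec[sub].setTag(tag);
    // … unchanged: tag dispatch into result[0] …
```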
@@ -0,0 +1,247 @@ +#include +#include +using namespace std; + + +#define ADD 1 +#define SUB 2 +#define MUL 3 +#define DIV 4 +#define EXP 5 +#define SEND 6 +#define RECIEVE 7 + +//内部飞地定义 +class subEnclave { + private: + int subEnlaveID; + int tag; + double result; + double rev; + public: + subEnclave(); + int setID(int); + int setTag(int); + double add(double, double); + double sub(double, double); + double mul(double, double); + double div(double, double); + double exp(double); + int get_tag(); + int get_id(); + friend int send(subEnclave &, subEnclave &); + friend int recieve(subEnclave &, subEnclave &); + ~subEnclave(); +}; + +subEnclave::subEnclave() { + subEnlaveID = 0; + tag = 0; + result = 0; + rev = 0; + cout << "create subenclave success" << endl; +} + +int subEnclave::setID(int ID) { + + this->subEnlaveID = ID; + return 0; +} + +int subEnclave::setTag(int tag) { + this->tag = tag; + return 0; +} + +double subEnclave::add(double a = 20, double b = 10) { + result = a + b; + return result; +} + +double subEnclave::sub(double a = 20, double b = 10) { + result = a - b; + return result; +} + +double subEnclave::mul(double a = 20, double b = 10) { + result = a * b; + return result; +} + +double subEnclave::div(double a = 20, double b = 10) { + result = a / b; + return result; +} + +double subEnclave::exp(double x = 7) { + result = x * x + 2 * x + 1; + return result; +} + +int subEnclave::get_tag() { + return tag; +} + +int subEnclave::get_id() { + return subEnlaveID; +} + +int send(subEnclave &a, subEnclave &b) { + b.rev = a.result; + return 0; +} + +int recieve(subEnclave &a, subEnclave &b) { + a.rev = b.result; + return 0; +} + +subEnclave::~subEnclave() { + cout << "destroy subenclave success" << endl; +} + +bool Check_duplicates(int *arr, int num); +int compute(int tag, subEnclave *arr, int size, int sub); +int Set_subEnclaveID(subEnclave *arr, int size); +int Use_subEnclave(subEnclave *arr, int size); + +//判断重复ID +bool Check_duplicates(int *arr, int num) { + 
sort(arr, arr + num); + for (int i = 0; i < num - 1; i++) { + if (arr[i] == arr[i + 1]) + return true; + } + return false; +} + +//飞地内计算 +int compute(int tag, subEnclave *arr, int size, int sub) { + int ID; + int sub1; + arr[sub].setTag(tag); + if (tag == ADD) { + cout << "result:" << arr[sub].add() << endl; + } else if (tag == SUB) { + cout << "result:" << arr[sub].sub() << endl; + } else if (tag == MUL) { + cout << "result:" << arr[sub].mul() << endl; + } else if (tag == DIV) { + cout << "result:" << arr[sub].div() << endl; + } else if (tag == EXP) { + cout << "result:" << arr[sub].exp() << endl; + } else if (tag == SEND) { + cout << "Please enter the subEnclaveID of the recipient:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + send(arr[sub], arr[sub1]); + cout << "Send Success!" << endl; + } else if (tag == RECIEVE) { + cout << "Please enter the subEnclaveID of the Sender:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + recieve(arr[sub], arr[sub1]); + cout << "Recieve Success!" << endl; + } else { + cout << "error" << endl; + } + return 0; +} + +//设置内部飞地ID +int Set_subEnclaveID(subEnclave *arr, int size) { + int ID; + int check_id[size]; + while (1) { + cout << "Please enter the subEnclaveID in turn:" << endl; + for (int i = 0; i < size; i++) { + cin >> ID; + check_id[i] = ID; + } + if (Check_duplicates(check_id, size) == true) { + cout << "Duplicate IDs were found,please re-enter!" 
<< endl << endl; + continue; + } else + break; + } + for (int i = 0; i < size; i++) { + arr[i].setID(check_id[i]); + } + return 0; +} + +//使用内部飞地 +int Use_subEnclave(subEnclave *arr, int size) { + int sub, ID, op; + while (1) { + sub = -1; + cout << "Please enter the subEnclaveID you want to operate: "; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub = i; + break; + } + } + if (sub == -1) { + cout << "The subEnclaveID was not found,please re-enter!" << endl; + continue; + } + + cout << "Please enter the function you want:" << endl; + cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl; + cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl; + + cin >> op; + + if (op == 8) + continue; + if (op == 9) + break; + + compute(op, arr, size, sub); + } + return 0; +} + +int main() { + + //创建内部飞地 + int num; + cout << "Please enter the number of subEnclaves: "; + cin >> num; + subEnclave List[num]; + + //设置内部飞地ID + Set_subEnclaveID(List, num); + + //使用内部飞地 + Use_subEnclave(List, num); + return 0; +} \ No newline at end of file diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt new file mode 100644 index 00000000..b2621947 --- /dev/null +++ b/wallfacer 2.0/nested/host/CMakeLists.txt 
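Review bot: `subEnclave List[num]` in `main` and `int check_id[size]` in `Set_subEnclaveID` are variable-length arrays sized directly from `cin` input; VLAs are not standard C++, a negative or very large `num` is undefined behaviour or stack exhaustion, and a non-numeric entry leaves `cin` in the fail state, after which every `while (1)` loop that reads `ID` or `op` spins forever. Replacing the VLA with `std::vector<subEnclave> List(num);` and passing `List.data()` on, after rejecting `num <= 0` and a failed `cin >> num`, removes the first problem; the `cin` failure check then needs to be repeated in `Set_subEnclaveID` and `Use_subEnclave`. This file is not listed in `SOURCE_FILES` of enclave/CMakeLists.txt, so it appears to be a host-side simulation rather than enclave code; if so, keeping it outside `enclave/` would stop it being read as trusted code.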
@@ -0,0 +1,119 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX nested) +#set host exec name +set(OUTPUT secgear_nested) +#set host src code +set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) + +#set auto code +if(CC_GP) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) +endif() + +if(CC_PL) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") +set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + +if(CC_GP) + if(${CMAKE_VERSION} VERSION_LESS 
"3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SGX) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_PL) + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() + add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) + target_include_directories(${OUTPUT} PRIVATE + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/penglai + ${CMAKE_CURRENT_BINARY_DIR}) + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) + endif() +endif() + +if(CC_SIM) + target_link_libraries(${OUTPUT} secgearsim pthread) +else() + target_link_libraries(${OUTPUT} secgear pthread) +endif() +set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) + +if(CC_GP) + #itrustee install whitelist /vender/bin/teec_hello + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION /vendor/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_SGX) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE 
OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() + +if(CC_PL) + install(TARGETS ${OUTPUT} + RUNTIME + DESTINATION ${CMAKE_BINARY_DIR}/bin/ + PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ + GROUP_EXECUTE GROUP_READ + WORLD_EXECUTE WORLD_READ) +endif() diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp new file mode 100644 index 00000000..8832b991 --- /dev/null +++ b/wallfacer 2.0/nested/host/main.cpp 
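Review bot: The only hardening flag this file sets, `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")`, applies to C sources, but the host target is built from `${CMAKE_CURRENT_SOURCE_DIR}/main.cpp`, a C++ translation unit, so unless the toolchain defaults to PIE the `secgear_nested` executable is compiled without it and no `-pie` link flag is given either. Set it on the C++ side as well, `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE")`, or put `set_target_properties(${OUTPUT} PROPERTIES POSITION_INDEPENDENT_CODE ON)` next to the existing `SKIP_BUILD_RPATH` line so both compile and link are covered. The same applies to `CMAKE_C_FLAGS_RELEASE`, whose `-s` never reaches the C++ object.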
@@ -0,0 +1,138 @@ +/* + * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. + * secGear is licensed under the Mulan PSL v2. + * You can use this software according to the terms and conditions of the Mulan PSL v2. + * You may obtain a copy of Mulan PSL v2 at: + * http://license.coscl.org.cn/MulanPSL2 + * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR + * PURPOSE. + * See the Mulan PSL v2 for more details. + */ + +#include +#include +#include +#include +#include "enclave.h" +#include "nested_u.h" +#include "string.h" +using namespace std; + +#define BUF_LEN 32 + +void print_res(double result_) +{ + cout << result_ << endl; +} + +void print_error() +{ + cout << "error" << endl; +} + +void print_create() +{ + cout << "create subenclave success" << endl; +} + +void print_destroy() +{ + cout << "destroy subenclave success" << endl; +} + +int main() +{ + int retval = 0; + char *path = PATH; + char buf[BUF_LEN]; + cc_enclave_t context = {}; + cc_enclave_result_t res = CC_FAIL; + + char real_p[PATH_MAX]; + /* check file exists, if not exist then use absolute path */ + if (realpath(path, real_p) == NULL) { + if (getcwd(real_p, sizeof(real_p)) == NULL) { + printf("Cannot find enclave.sign.so"); + goto end; + } + if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { + printf("Failed to strcat enclave.sign.so path"); + goto end; + } + (void)strcat(real_p, "/enclave.signed.so"); + } + + res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); + if (res != CC_SUCCESS) { + printf("host create enclave error\n"); + goto end; + } + printf("host create enclave success\n"); + + /* + res = get_string(&context, &retval, buf); + if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { + printf("Ecall enclave error\n"); + } else { + printf("enclave say:%s\n", buf); + } + */ + + 
int num; + cout << "Please enter the number of subEnclaves: "; + cin >> num; + double result_[2]; + //cin >> ID; + + //res = compute(); + //cout << result_[0]; + for (int i = 0;i < num;i++) { + res = createSubEnclave(&context, &retval, i); + } + + int sub, ID, op; + while (1) { + sub = -1; + cout << "Please enter the subEnclaveID you want to operate: "; + cin >> ID; + for (int i = 0; i < num; i++) { + if (ID == i) { + sub = i; + break; + } + } + if (sub == -1) { + cout << "The subEnclaveID was not found,please re-enter!" << endl; + continue; + } + + cout << "Please enter the function you want:" << endl; + cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl; + cout << "6.SKIP 7.EXIT" << endl; + + cin >> op; + + if (op == 6) + continue; + if (op == 7) + break; + + res = compute(&context, &retval,op, num, sub, result_); + } + + for (int i = 0;i < num;i++) { + res = destroySubEnclave(&context, &retval); + } + + + + res = cc_enclave_destroy(&context); + if(res != CC_SUCCESS) { + printf("host destroy enclave error\n"); + } else { + printf("host destroy enclave success\n"); + } +end: + return res; +} diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl new file mode 100644 index 00000000..0eb3686c --- /dev/null +++ b/wallfacer 2.0/nested/nested.edl 
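Review bot: `double result_[2];` is a 16-byte stack buffer, but the EDL declares the ecall output as `[out, size=32]double* _result`, so the generated bridge copies 32 bytes back into it on every `compute(&context, &retval, op, num, sub, result_)` call, overrunning the host stack; size the buffer to the contract, `double result_[32 / sizeof(double)] = {0};`, or shrink the EDL to one double. `num` is read from stdin and passed straight into `createSubEnclave` and `compute` with no upper bound, and `res` is assigned from every ecall but never checked, so a failed create or compute is silently ignored and the loop keeps issuing ecalls against an enclave that may not have the requested sub-enclave. Also `char *path = PATH;` binds a string literal to a non-const pointer (`const char *path = PATH;`), `buf` is unused, and `SECGEAR_DEBUG_FLAG` on `cc_enclave_create` is acceptable for a demo but should not ship in a release build.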
@@ -0,0 +1,31 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ trusted {
+ public int compute(int tag, int size, int sub, [out, size=32]double* _result);
+
+ public int isExist(int ID, int num);
+
+ public int createSubEnclave(int num);
+
+ public int destroySubEnclave();
+ };
+ untrusted {
+ void print_res(double res);
+ void print_error();
+ void print_create();
+ void print_destroy();
+ };
+};
--
Gitee
From 31bbb7512e4447aea73f861e7a97a041a43cdd2e Mon Sep 17 00:00:00 2001
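Review bot: The ecall parameters `sub`, `size` and `num` in `compute`, `isExist` and `createSubEnclave` are plain ints chosen by the untrusted host and nothing in this EDL constrains them, so the trusted implementation must range-check each one against its own storage before using it as an array subscript; the interface should say so, e.g. a comment above `trusted {` reading `// tag/size/sub/num come from the untrusted host: the enclave validates them against its internal table before indexing`. The output buffer `[out, size=32]double* _result` is expressed in bytes for what the host treats as a single-double result; `[out, count=1] double* _result` (or `size=sizeof(double)`) would make the contract self-describing and stop the bridge from copying four doubles into whatever the host hands over. `isExist` is exported here but never called from `host/main.cpp`, so it can be dropped to shrink the enclave's attack surface.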
From: =?UTF-8?q?=E6=9E=97=E5=AE=B6=E8=85=BE?= <2369045900@qq.com> Date: Thu, 28 Mar 2024 12:07:32 +0000 Subject: [PATCH 2/3] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20wall?= =?UTF-8?q?facer=202.0/nested?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wallfacer 2.0/nested/CMakeLists.txt | 38 --- wallfacer 2.0/nested/enclave/CMakeLists.txt | 219 ---------------- .../nested/enclave/Enclave.config.xml | 12 - wallfacer 2.0/nested/enclave/Enclave.lds | 11 - wallfacer 2.0/nested/enclave/config_cloud.ini | 60 ----- wallfacer 2.0/nested/enclave/manifest.txt | 7 - wallfacer 2.0/nested/enclave/nested.cpp | 236 ----------------- wallfacer 2.0/nested/enclave/test.cpp | 247 ------------------ wallfacer 2.0/nested/host/CMakeLists.txt | 119 --------- wallfacer 2.0/nested/host/main.cpp | 138 ---------- wallfacer 2.0/nested/nested.edl | 31 --- 11 files changed, 1118 deletions(-) delete mode 100644 wallfacer 2.0/nested/CMakeLists.txt delete mode 100644 wallfacer 2.0/nested/enclave/CMakeLists.txt delete mode 100644 wallfacer 2.0/nested/enclave/Enclave.config.xml delete mode 100644 wallfacer 2.0/nested/enclave/Enclave.lds delete mode 100644 wallfacer 2.0/nested/enclave/config_cloud.ini delete mode 100644 wallfacer 2.0/nested/enclave/manifest.txt delete mode 100644 wallfacer 2.0/nested/enclave/nested.cpp delete mode 100644 wallfacer 2.0/nested/enclave/test.cpp delete mode 100644 wallfacer 2.0/nested/host/CMakeLists.txt delete mode 100644 wallfacer 2.0/nested/host/main.cpp delete mode 100644 wallfacer 2.0/nested/nested.edl diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt deleted file mode 100644 index bb0a41d6..00000000 --- a/wallfacer 2.0/nested/CMakeLists.txt +++ /dev/null 
@@ -1,38 +0,0 @@
-# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
-# secGear is licensed under the Mulan PSL v2.
-# You can use this software according to the terms and conditions of the Mulan PSL v2.
-# You may obtain a copy of Mulan PSL v2 at:
-# http://license.coscl.org.cn/MulanPSL2
-# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
-# PURPOSE.
-# See the Mulan PSL v2 for more details.
-
-project(Nested CXX)
-
-set(CMAKE_CXX_STANDARD 11)
-
-set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
-
-#set edl name
-set(EDL_FILE nested.edl)
-set(CODEGEN codegen)
-
-if(CC_GP)
- set(CODETYPE trustzone)
- set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
- add_definitions(-DPATH="/data/${UUID}.sec")
-endif()
-
-if(CC_SGX)
- set(CODETYPE sgx)
- add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
-endif()
-
-if(CC_PL)
- set(CODETYPE penglai)
- add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF")
-endif()
-
-add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
-add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt
deleted file mode 100644
index d4e0e987..00000000
--- a/wallfacer 2.0/nested/enclave/CMakeLists.txt
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# secGear is licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -# PURPOSE. -# See the Mulan PSL v2 for more details. - -#set auto code prefix -set(PREFIX nested) - -#set sign key -set(PEM Enclave_private.pem) - -#set sign tool -set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) - -#set enclave src code -set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp) - -#set log level -set(PRINT_LEVEL 3) -add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) - -if(CC_GP) - #set signed output - set(OUTPUT ${UUID}.sec) - #set whilelist. default: /vendor/bin/teec_hello - set(WHITE_LIST_0 /vendor/bin/helloworld) - set(WHITE_LIST_OWNER root) - set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) - set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) - - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) -endif() - -if(CC_SGX) - set(OUTPUT enclave.signed.so) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) -endif() - -if(CC_PL) - set(OUTPUT penglai-ELF) 
- set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) -endif() - -set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ - -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ - -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ - -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") - -set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") - -if(CC_GP) - - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") - - set(ITRUSTEE_TEEDIR ${SDK_PATH}/) - set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_BINARY_DIR}/lib/) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories( ${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${CMAKE_BINARY_DIR}/inc - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${LOCAL_ROOT_PATH}/inc/enclave_inc - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp - ${ITRUSTEE_TEEDIR}/include/TA - ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext - ${ITRUSTEE_LIBC}/arch/aarch64 - ${ITRUSTEE_LIBC}/ - ${ITRUSTEE_LIBC}/arch/arm/bits - ${ITRUSTEE_LIBC}/arch/generic - ${ITRUSTEE_LIBC}/arch/arm - ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${PREFIX} PRIVATE - ${CMAKE_BINARY_DIR}/lib/) - endif() - - foreach(WHITE_LIST ${WHITELIST}) - 
add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") - endforeach(WHITE_LIST) - add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") - - target_link_libraries(${PREFIX} -lsecgear_tee) - - #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # - # add_custom_command(TARGET ${PREFIX} - # POST_BUILD - # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) - - # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} - # DESTINATION /data - # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) - -endif() - -if(CC_SGX) - set(SGX_DIR ${SDK_PATH}) - set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") - set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") - set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) - - if(CC_SIM) - set(Trts_Library_Name sgx_trts_sim) - set(Service_Library_Name sgx_tservice_sim) - else() - set(Trts_Library_Name sgx_trts) - set(Service_Library_Name sgx_tservice) - endif() - - set(Crypto_Library_Name sgx_tcrypto) - - set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ - -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") - - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${LINK_LIBRARY_PATH}) - endif() - - add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) - - target_include_directories(${PREFIX} PRIVATE - ${CMAKE_CURRENT_BINARY_DIR} - ${SGX_DIR}/include/tlibc - ${SGX_DIR}/include/libcxx - ${SGX_DIR}/include - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) - - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - 
target_link_directories(${PREFIX} PRIVATE - ${LINK_LIBRARY_PATH}) - endif() - - target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive - -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) - add_custom_command(TARGET ${PREFIX} - POST_BUILD - COMMAND umask 0177 - COMMAND openssl genrsa -3 -out ${PEM} 3072 - COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) -endif() - -if(NOT DEFINED CC_PL) - set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) -endif() - -if(CC_PL) - set(SDK_LIB_DIR ${SDK_PATH}/lib) - set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) - set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) - set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) - set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) - set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) - set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) - - set(SOURCE_C_OBJS "") - foreach(SOURCE_FILE ${SOURCE_FILES}) - STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) - set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) - add_custom_command( - OUTPUT ${SOURCE_OBJ} - DEPENDS ${SOURCE_FILES} - COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc - -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc - -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} - COMMENT "generate SOURCE_OBJ" - ) - list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) - endforeach() - - set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) - add_custom_command( - OUTPUT ${APP_C_OBJ} - DEPENDS ${AUTO_FILES} - COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc - -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai 
-I${LOCAL_ROOT_PATH}/inc/enclave_inc - -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c - COMMENT "generate APP_C_OBJ" - ) - - add_custom_command( - OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} - COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc - -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} - ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds - COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - COMMENT "generate penglai-ELF" - ) - add_custom_target( - ${OUTPUT} ALL - DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} - COMMENT "makefile target penglai-ELF" - ) - -endif() diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml deleted file mode 100644 index e94c9bc5..00000000 --- a/wallfacer 2.0/nested/enclave/Enclave.config.xml +++ /dev/null @@ -1,12 +0,0 @@ - - 0 - 0 - 0x40000 - 0x100000 - 10 - 1 - - 0 - 0 - 0xFFFFFFFF - diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds deleted file mode 100644 index ab77e647..00000000 --- a/wallfacer 2.0/nested/enclave/Enclave.lds +++ /dev/null @@ -1,11 +0,0 @@ -enclave.so -{ - global: - g_global_data_sim; - g_global_data; - enclave_entry; - g_peak_heap_used; - local: - *; -}; - diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini deleted file mode 100644 index 8c70225e..00000000 --- a/wallfacer 2.0/nested/enclave/config_cloud.ini +++ /dev/null 
@@ -1,60 +0,0 @@ -[signSecPrivateCfg] -;;; -;private key length for signing TA: -;[fixed value] -;256 ECDSA Alg -;2048/4096 RSA Alg -secSignKeyLen = 4096 -;;; -;[fixed value] -;0 means SHA256 hash type -;1 means SHA512 hash type -secHashType = 0 -;;; -; [fixed value] -;0 means padding type is pkcs1v15 -;1 means padding type is PSS -;[fixed value] -secPaddingType = 1 -;;; -;[fixed value] -;RSA alg -;ECDSA alg -;SM2 alg -secSignAlg = RSA -;;; -;public key for encrypt TA -secEncryptKey = rsa_public_key_cloud.pem -;;; -;public key length -secEncryptKeyLen = 3072 - -[signSecPublicCfg] -;;; -;[fixed value] -; sec sign key type -;0 means debug -;1 means release -secReleaseType = 1 -;;; -;0 means TA not installed by OTRP -;1 means TA installed by OTRP -secOtrpFlag = 0 -;;; -;0 means not sign -;1 means signed by local private -;2 means signed using native sign tool; -;3 means signed by CI -;[fixed value] -secSignType = 1 -;;; -;server address for signing TA -secSignServerIp = -;;; -;private key for signing TA -;[private key owned by yourself] -secSignKey = /home/TA_cert/private_key.pem -;;; -;config file -;[signed config file by Huawei] -configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt deleted file mode 100644 index d78354e6..00000000 --- a/wallfacer 2.0/nested/enclave/manifest.txt +++ /dev/null @@ -1,7 +0,0 @@ -gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 -gpd.ta.service_name: rsa-demo -gpd.ta.singleInstance: true -gpd.ta.multiSession: false -gpd.ta.instanceKeepAlive: false -gpd.ta.dataSize: 819200 -gpd.ta.stackSize: 40960 diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp deleted file mode 100644 index b684a54a..00000000 --- a/wallfacer 2.0/nested/enclave/nested.cpp +++ /dev/null 
@@ -1,236 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -#include -#include -#include -#include "nested_t.h" - -#define TA_HELLO_WORLD "secgear hello world!" -#define BUF_MAX 32 - - -#define ADD 1 -#define SUB 2 -#define MUL 3 -#define DIV 4 -#define EXP 5 -#define SEND 6 -#define RECIEVE 7 - -//内部飞地定义 -class subEnclave { - private: - int subEnlaveID; - int tag; - double result; - double rev; - public: - subEnclave(); - int setID(int); - int setTag(int); - double add(double, double); - double sub(double, double); - double mul(double, double); - double div(double, double); - double exp(double); - int get_tag(); - int get_id(); - //friend int send(subEnclave &, subEnclave &); - //friend int recieve(subEnclave &, subEnclave &); - ~subEnclave(); -}; - -subEnclave::subEnclave() { - subEnlaveID = 0; - tag = 0; - result = 0; - rev = 0; - //cout << "create subenclave success" << endl; - -} -subEnclave vec[100]; -int subEnclave::setID(int ID) { - this->subEnlaveID = ID; - return 0; -} - -int subEnclave::setTag(int tag) { - this->tag = tag; - return 0; -} - -double subEnclave::add(double a = 20, double b = 10) { - result = a + b; - return result; -} - -double subEnclave::sub(double a = 20, double b = 10) { - result = a - b; - return result; -} - -double subEnclave::mul(double a = 20, double b = 10) { - result = a * b; - return result; -} - -double subEnclave::div(double a = 20, double b = 10) { - result = a / b; - return result; -} - -double 
subEnclave::exp(double x = 7) { - result = x * x + 2 * x + 1; - return result; -} - -int subEnclave::get_tag() { - return tag; -} - -int subEnclave::get_id() { - return subEnlaveID; -} -/* -int send(subEnclave &a, subEnclave &b) { - b.rev = a.result; - return 0; -} - -int recieve(subEnclave &a, subEnclave &b) { - a.rev = b.result; - return 0; -}*/ - -subEnclave::~subEnclave() { - //cout << "destroy subenclave success" << endl; - print_destroy(); -} - -////////////////////////////////////////////// - - -//std::vector vec; - - - -// create -int createSubEnclave(int id) -{ - - vec[id].setID(id); - print_create(); - //vec.push_back(se[i]); - -} - -// create -int destroySubEnclave() -{ - print_create(); - //vec.push_back(se[i]); - -} - -int isExist(int ID,int num) -{ - int sub = -1; - /* - for (int i = 0; i < size; i++) { - if (ID == arr[i].get_id()) { - sub = i; - break; - } - } - */ - for (int i = 0; i < num; i++) { - if (ID == vec[i].get_id()) { - sub = i; - break; - } - } -} - -//飞地内计算(ecall) -int compute(int tag, int size, int sub, double* result) { - //int ID; - //int sub1; - vec[sub].setTag(tag); - if (tag == ADD) { - // cout << "result:" << arr[sub].add() << endl; - print_res(vec[sub].add()); - result[0] = vec[sub].add(); - } else if (tag == SUB) { - //cout << "result:" << arr[sub].sub() << endl; - print_res(vec[sub].sub()); - result[0] = vec[sub].sub(); - } else if (tag == MUL) { - //cout << "result:" << arr[sub].mul() << endl; - print_res(vec[sub].mul()); - result[0] = vec[sub].mul(); - } else if (tag == DIV) { - //cout << "result:" << arr[sub].div() << endl; - print_res(vec[sub].div()); - result[0] = vec[sub].div(); - } else if (tag == EXP) { - //cout << "result:" << arr[sub].exp() << endl; - print_res(vec[sub].exp()); - result[0] = vec[sub].exp(); - } - /* - else if (tag == SEND) { - cout << "Please enter the subEnclaveID of the recipient:"; - while (1) { - sub1 = -1; - cin >> ID; - for (int i = 0; i < size; i++) { - if (ID == arr[i].get_id()) { - sub1 = i; 
- break; - } - } - if (sub1 == -1) { - cout << "The subEnclaveID was not found,please re-enter:"; - continue; - } else - break; - } - send(arr[sub], arr[sub1]); - cout << "Send Success!" << endl; - } else if (tag == RECIEVE) { - cout << "Please enter the subEnclaveID of the Sender:"; - while (1) { - sub1 = -1; - cin >> ID; - for (int i = 0; i < size; i++) { - if (ID == arr[i].get_id()) { - sub1 = i; - break; - } - } - if (sub1 == -1) { - cout << "The subEnclaveID was not found,please re-enter:"; - continue; - } else - break; - } - recieve(arr[sub], arr[sub1]); - cout << "Recieve Success!" << endl; - } - */ - else { - print_error(); - } - return 0; -} - diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp deleted file mode 100644 index 352d58bc..00000000 --- a/wallfacer 2.0/nested/enclave/test.cpp +++ /dev/null 
@@ -1,247 +0,0 @@ -#include -#include -using namespace std; - - -#define ADD 1 -#define SUB 2 -#define MUL 3 -#define DIV 4 -#define EXP 5 -#define SEND 6 -#define RECIEVE 7 - -//内部飞地定义 -class subEnclave { - private: - int subEnlaveID; - int tag; - double result; - double rev; - public: - subEnclave(); - int setID(int); - int setTag(int); - double add(double, double); - double sub(double, double); - double mul(double, double); - double div(double, double); - double exp(double); - int get_tag(); - int get_id(); - friend int send(subEnclave &, subEnclave &); - friend int recieve(subEnclave &, subEnclave &); - ~subEnclave(); -}; - -subEnclave::subEnclave() { - subEnlaveID = 0; - tag = 0; - result = 0; - rev = 0; - cout << "create subenclave success" << endl; -} - -int subEnclave::setID(int ID) { - - this->subEnlaveID = ID; - return 0; -} - -int subEnclave::setTag(int tag) { - this->tag = tag; - return 0; -} - -double subEnclave::add(double a = 20, double b = 10) { - result = a + b; - return result; -} - -double subEnclave::sub(double a = 20, double b = 10) { - result = a - b; - return result; -} - -double subEnclave::mul(double a = 20, double b = 10) { - result = a * b; - return result; -} - -double subEnclave::div(double a = 20, double b = 10) { - result = a / b; - return result; -} - -double subEnclave::exp(double x = 7) { - result = x * x + 2 * x + 1; - return result; -} - -int subEnclave::get_tag() { - return tag; -} - -int subEnclave::get_id() { - return subEnlaveID; -} - -int send(subEnclave &a, subEnclave &b) { - b.rev = a.result; - return 0; -} - -int recieve(subEnclave &a, subEnclave &b) { - a.rev = b.result; - return 0; -} - -subEnclave::~subEnclave() { - cout << "destroy subenclave success" << endl; -} - -bool Check_duplicates(int *arr, int num); -int compute(int tag, subEnclave *arr, int size, int sub); -int Set_subEnclaveID(subEnclave *arr, int size); -int Use_subEnclave(subEnclave *arr, int size); - -//判断重复ID -bool Check_duplicates(int *arr, int num) { - 
sort(arr, arr + num); - for (int i = 0; i < num - 1; i++) { - if (arr[i] == arr[i + 1]) - return true; - } - return false; -} - -//飞地内计算 -int compute(int tag, subEnclave *arr, int size, int sub) { - int ID; - int sub1; - arr[sub].setTag(tag); - if (tag == ADD) { - cout << "result:" << arr[sub].add() << endl; - } else if (tag == SUB) { - cout << "result:" << arr[sub].sub() << endl; - } else if (tag == MUL) { - cout << "result:" << arr[sub].mul() << endl; - } else if (tag == DIV) { - cout << "result:" << arr[sub].div() << endl; - } else if (tag == EXP) { - cout << "result:" << arr[sub].exp() << endl; - } else if (tag == SEND) { - cout << "Please enter the subEnclaveID of the recipient:"; - while (1) { - sub1 = -1; - cin >> ID; - for (int i = 0; i < size; i++) { - if (ID == arr[i].get_id()) { - sub1 = i; - break; - } - } - if (sub1 == -1) { - cout << "The subEnclaveID was not found,please re-enter:"; - continue; - } else - break; - } - send(arr[sub], arr[sub1]); - cout << "Send Success!" << endl; - } else if (tag == RECIEVE) { - cout << "Please enter the subEnclaveID of the Sender:"; - while (1) { - sub1 = -1; - cin >> ID; - for (int i = 0; i < size; i++) { - if (ID == arr[i].get_id()) { - sub1 = i; - break; - } - } - if (sub1 == -1) { - cout << "The subEnclaveID was not found,please re-enter:"; - continue; - } else - break; - } - recieve(arr[sub], arr[sub1]); - cout << "Recieve Success!" << endl; - } else { - cout << "error" << endl; - } - return 0; -} - -//设置内部飞地ID -int Set_subEnclaveID(subEnclave *arr, int size) { - int ID; - int check_id[size]; - while (1) { - cout << "Please enter the subEnclaveID in turn:" << endl; - for (int i = 0; i < size; i++) { - cin >> ID; - check_id[i] = ID; - } - if (Check_duplicates(check_id, size) == true) { - cout << "Duplicate IDs were found,please re-enter!" 
<< endl << endl; - continue; - } else - break; - } - for (int i = 0; i < size; i++) { - arr[i].setID(check_id[i]); - } - return 0; -} - -//使用内部飞地 -int Use_subEnclave(subEnclave *arr, int size) { - int sub, ID, op; - while (1) { - sub = -1; - cout << "Please enter the subEnclaveID you want to operate: "; - cin >> ID; - for (int i = 0; i < size; i++) { - if (ID == arr[i].get_id()) { - sub = i; - break; - } - } - if (sub == -1) { - cout << "The subEnclaveID was not found,please re-enter!" << endl; - continue; - } - - cout << "Please enter the function you want:" << endl; - cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl; - cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl; - - cin >> op; - - if (op == 8) - continue; - if (op == 9) - break; - - compute(op, arr, size, sub); - } - return 0; -} - -int main() { - - //创建内部飞地 - int num; - cout << "Please enter the number of subEnclaves: "; - cin >> num; - subEnclave List[num]; - - //设置内部飞地ID - Set_subEnclaveID(List, num); - - //使用内部飞地 - Use_subEnclave(List, num); - return 0; -} \ No newline at end of file diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt deleted file mode 100644 index b2621947..00000000 --- a/wallfacer 2.0/nested/host/CMakeLists.txt +++ /dev/null 
@@ -1,119 +0,0 @@ -# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. -# secGear is licensed under the Mulan PSL v2. -# You can use this software according to the terms and conditions of the Mulan PSL v2. -# You may obtain a copy of Mulan PSL v2 at: -# http://license.coscl.org.cn/MulanPSL2 -# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR -# PURPOSE. -# See the Mulan PSL v2 for more details. - -#set auto code prefix -set(PREFIX nested) -#set host exec name -set(OUTPUT secgear_nested) -#set host src code -set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp) - -#set auto code -if(CC_GP) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) -endif() - -if(CC_SGX) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) -endif() - -if(CC_PL) - set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c) - add_custom_command(OUTPUT ${AUTO_FILES} - DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} - COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) -endif() - -set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE") -set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") - -if(CC_GP) - if(${CMAKE_VERSION} VERSION_LESS 
"3.13.0") - link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${CMAKE_BINARY_DIR}/inc - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/gp - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() -endif() - -if(CC_SGX) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/sgx - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() -endif() - -if(CC_PL) - if(${CMAKE_VERSION} VERSION_LESS "3.13.0") - link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() - add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES}) - target_include_directories(${OUTPUT} PRIVATE - ${LOCAL_ROOT_PATH}/inc/host_inc - ${LOCAL_ROOT_PATH}/inc/host_inc/penglai - ${CMAKE_CURRENT_BINARY_DIR}) - if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") - target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) - endif() -endif() - -if(CC_SIM) - target_link_libraries(${OUTPUT} secgearsim pthread) -else() - target_link_libraries(${OUTPUT} secgear pthread) -endif() -set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) - -if(CC_GP) - #itrustee install whitelist /vender/bin/teec_hello - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION /vendor/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ) -endif() - -if(CC_SGX) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION ${CMAKE_BINARY_DIR}/bin/ - PERMISSIONS OWNER_EXECUTE 
OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ) -endif() - -if(CC_PL) - install(TARGETS ${OUTPUT} - RUNTIME - DESTINATION ${CMAKE_BINARY_DIR}/bin/ - PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ - GROUP_EXECUTE GROUP_READ - WORLD_EXECUTE WORLD_READ) -endif() diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp deleted file mode 100644 index 8832b991..00000000 --- a/wallfacer 2.0/nested/host/main.cpp +++ /dev/null 
@@ -1,138 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -#include -#include -#include -#include -#include "enclave.h" -#include "nested_u.h" -#include "string.h" -using namespace std; - -#define BUF_LEN 32 - -void print_res(double result_) -{ - cout << result_ << endl; -} - -void print_error() -{ - cout << "error" << endl; -} - -void print_create() -{ - cout << "create subenclave success" << endl; -} - -void print_destroy() -{ - cout << "destroy subenclave success" << endl; -} - -int main() -{ - int retval = 0; - char *path = PATH; - char buf[BUF_LEN]; - cc_enclave_t context = {}; - cc_enclave_result_t res = CC_FAIL; - - char real_p[PATH_MAX]; - /* check file exists, if not exist then use absolute path */ - if (realpath(path, real_p) == NULL) { - if (getcwd(real_p, sizeof(real_p)) == NULL) { - printf("Cannot find enclave.sign.so"); - goto end; - } - if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) { - printf("Failed to strcat enclave.sign.so path"); - goto end; - } - (void)strcat(real_p, "/enclave.signed.so"); - } - - res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context); - if (res != CC_SUCCESS) { - printf("host create enclave error\n"); - goto end; - } - printf("host create enclave success\n"); - - /* - res = get_string(&context, &retval, buf); - if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) { - printf("Ecall enclave error\n"); - } else { - printf("enclave say:%s\n", buf); - } - */ - - 
int num; - cout << "Please enter the number of subEnclaves: "; - cin >> num; - double result_[2]; - //cin >> ID; - - //res = compute(); - //cout << result_[0]; - for (int i = 0;i < num;i++) { - res = createSubEnclave(&context, &retval, i); - } - - int sub, ID, op; - while (1) { - sub = -1; - cout << "Please enter the subEnclaveID you want to operate: "; - cin >> ID; - for (int i = 0; i < num; i++) { - if (ID == i) { - sub = i; - break; - } - } - if (sub == -1) { - cout << "The subEnclaveID was not found,please re-enter!" << endl; - continue; - } - - cout << "Please enter the function you want:" << endl; - cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl; - cout << "6.SKIP 7.EXIT" << endl; - - cin >> op; - - if (op == 6) - continue; - if (op == 7) - break; - - res = compute(&context, &retval,op, num, sub, result_); - } - - for (int i = 0;i < num;i++) { - res = destroySubEnclave(&context, &retval); - } - - - - res = cc_enclave_destroy(&context); - if(res != CC_SUCCESS) { - printf("host destroy enclave error\n"); - } else { - printf("host destroy enclave success\n"); - } -end: - return res; -} diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl deleted file mode 100644 index 0eb3686c..00000000 --- a/wallfacer 2.0/nested/nested.edl +++ /dev/null 
@@ -1,31 +0,0 @@ -/* - * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. - * secGear is licensed under the Mulan PSL v2. - * You can use this software according to the terms and conditions of the Mulan PSL v2. - * You may obtain a copy of Mulan PSL v2 at: - * http://license.coscl.org.cn/MulanPSL2 - * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR - * PURPOSE. - * See the Mulan PSL v2 for more details. - */ - -enclave { - include "secgear_urts.h" - from "secgear_tstdc.edl" import *; - trusted { - public int compute(int tag, int size, int sub, [out, size=32]double* _result); - - public int isExist(int ID, int num); - - public int createSubEnclave(int num); - - public int destroySubEnclave(); - }; - untrusted { - void print_res(double res); - void print_error(); - void print_create(); - void print_destroy(); - }; -}; -- Gitee From c3336af0a496f185fdb6aad61add7c494f911bba Mon Sep 17 00:00:00 2001 
From: LinJT <2369045900@qq.com> Date: Thu, 28 Mar 2024 20:17:54 +0800 Subject: [PATCH 3/3] nested --- wallfacer 2.0/nested/CMakeLists.txt | 38 +++ wallfacer 2.0/nested/enclave/CMakeLists.txt | 219 ++++++++++++++++ .../nested/enclave/Enclave.config.xml | 12 + wallfacer 2.0/nested/enclave/Enclave.lds | 11 + wallfacer 2.0/nested/enclave/config_cloud.ini | 60 +++++ wallfacer 2.0/nested/enclave/manifest.txt | 7 + wallfacer 2.0/nested/enclave/nested.cpp | 243 +++++++++++++++++ wallfacer 2.0/nested/enclave/test.cpp | 247 ++++++++++++++++++ wallfacer 2.0/nested/host/CMakeLists.txt | 119 +++++++++ wallfacer 2.0/nested/host/main.cpp | 170 ++++++++++++ wallfacer 2.0/nested/nested.edl | 37 +++ 11 files changed, 1163 insertions(+) create mode 100644 wallfacer 2.0/nested/CMakeLists.txt create mode 100644 wallfacer 2.0/nested/enclave/CMakeLists.txt create mode 100644 wallfacer 2.0/nested/enclave/Enclave.config.xml create mode 100644 wallfacer 2.0/nested/enclave/Enclave.lds create mode 100644 wallfacer 2.0/nested/enclave/config_cloud.ini create mode 100644 wallfacer 2.0/nested/enclave/manifest.txt create mode 100644 wallfacer 2.0/nested/enclave/nested.cpp create mode 100644 wallfacer 2.0/nested/enclave/test.cpp create mode 100644 wallfacer 2.0/nested/host/CMakeLists.txt create mode 100644 wallfacer 2.0/nested/host/main.cpp create mode 100644 wallfacer 2.0/nested/nested.edl diff --git a/wallfacer 2.0/nested/CMakeLists.txt b/wallfacer 2.0/nested/CMakeLists.txt new file mode 100644 index 00000000..bb0a41d6 --- /dev/null +++ b/wallfacer 2.0/nested/CMakeLists.txt 
@@ -0,0 +1,38 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +project(Nested CXX) + +set(CMAKE_CXX_STANDARD 11) + +set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) + +#set edl name +set(EDL_FILE nested.edl) +set(CODEGEN codegen) + +if(CC_GP) + set(CODETYPE trustzone) + set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0) + add_definitions(-DPATH="/data/${UUID}.sec") +endif() + +if(CC_SGX) + set(CODETYPE sgx) + add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") +endif() + +if(CC_PL) + set(CODETYPE penglai) + add_definitions(-DPATH="${CMAKE_CURRENT_SOURCE_DIR}/enclave/penglai-ELF") +endif() + +add_subdirectory(${CURRENT_ROOT_PATH}/enclave) +add_subdirectory(${CURRENT_ROOT_PATH}/host) diff --git a/wallfacer 2.0/nested/enclave/CMakeLists.txt b/wallfacer 2.0/nested/enclave/CMakeLists.txt new file mode 100644 index 00000000..d4e0e987 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/CMakeLists.txt 
@@ -0,0 +1,219 @@ +# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. +# secGear is licensed under the Mulan PSL v2. +# You can use this software according to the terms and conditions of the Mulan PSL v2. +# You may obtain a copy of Mulan PSL v2 at: +# http://license.coscl.org.cn/MulanPSL2 +# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR +# PURPOSE. +# See the Mulan PSL v2 for more details. + +#set auto code prefix +set(PREFIX nested) + +#set sign key +set(PEM Enclave_private.pem) + +#set sign tool +set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh) + +#set enclave src code +set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/nested.cpp) + +#set log level +set(PRINT_LEVEL 3) +add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL}) + +if(CC_GP) + #set signed output + set(OUTPUT ${UUID}.sec) + #set whilelist. default: /vendor/bin/teec_hello + set(WHITE_LIST_0 /vendor/bin/helloworld) + set(WHITE_LIST_OWNER root) + set(WHITE_LIST_1 /vendor/bin/secgear_helloworld) + set(WHITELIST WHITE_LIST_0 WHITE_LIST_1) + + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp) +endif() + +if(CC_SGX) + set(OUTPUT enclave.signed.so) + set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include) +endif() + +if(CC_PL) + set(OUTPUT penglai-ELF) 
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h) + add_custom_command(OUTPUT ${AUTO_FILES} + DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE} + COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai) +endif() + +set(COMMON_C_FLAGS "-W -Wall -Werror -fno-short-enums -fno-omit-frame-pointer -fstack-protector \ + -Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \ + -fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \ + -Wno-error=unused-but-set-variable -Wno-error=format-truncation=") + +set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles") + +if(CC_GP) + + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -march=armv8-a ") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s -fPIC") + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-s") + + set(ITRUSTEE_TEEDIR ${SDK_PATH}/) + set(ITRUSTEE_LIBC ${SDK_PATH}/thirdparty/open_source/musl/libc) + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${CMAKE_BINARY_DIR}/lib/) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories( ${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_BINARY_DIR}/inc + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/gp + ${LOCAL_ROOT_PATH}/inc/enclave_inc + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp + ${ITRUSTEE_TEEDIR}/include/TA + ${ITRUSTEE_TEEDIR}/include/TA/huawei_ext + ${ITRUSTEE_LIBC}/arch/aarch64 + ${ITRUSTEE_LIBC}/ + ${ITRUSTEE_LIBC}/arch/arm/bits + ${ITRUSTEE_LIBC}/arch/generic + ${ITRUSTEE_LIBC}/arch/arm + ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + target_link_directories(${PREFIX} PRIVATE + ${CMAKE_BINARY_DIR}/lib/) + endif() + + foreach(WHITE_LIST ${WHITELIST}) + 
add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}") + endforeach(WHITE_LIST) + add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}") + + target_link_libraries(${PREFIX} -lsecgear_tee) + + #for trustzone compiling, you should connact us to get config and private_key.pem for test, so we will not sign and install binary in this example # + # add_custom_command(TARGET ${PREFIX} + # POST_BUILD + # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}) + + # install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT} + # DESTINATION /data + # PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + +endif() + +if(CC_SGX) + set(SGX_DIR ${SDK_PATH}) + set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden") + set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s") + set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64) + + if(CC_SIM) + set(Trts_Library_Name sgx_trts_sim) + set(Service_Library_Name sgx_tservice_sim) + else() + set(Trts_Library_Name sgx_trts) + set(Service_Library_Name sgx_tservice) + endif() + + set(Crypto_Library_Name sgx_tcrypto) + + set(CMAKE_SHARED_LINKER_FLAGS "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \ + -Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds") + + if(${CMAKE_VERSION} VERSION_LESS "3.13.0") + link_directories(${LINK_LIBRARY_PATH}) + endif() + + add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES}) + + target_include_directories(${PREFIX} PRIVATE + ${CMAKE_CURRENT_BINARY_DIR} + ${SGX_DIR}/include/tlibc + ${SGX_DIR}/include/libcxx + ${SGX_DIR}/include + ${LOCAL_ROOT_PATH}/inc/host_inc + ${LOCAL_ROOT_PATH}/inc/host_inc/sgx) + + if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") + 
target_link_directories(${PREFIX} PRIVATE + ${LINK_LIBRARY_PATH}) + endif() + + target_link_libraries(${PREFIX} -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name} -Wl,--end-group) + add_custom_command(TARGET ${PREFIX} + POST_BUILD + COMMAND umask 0177 + COMMAND openssl genrsa -3 -out ${PEM} 3072 + COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml) +endif() + +if(NOT DEFINED CC_PL) + set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE) +endif() + +if(CC_PL) + set(SDK_LIB_DIR ${SDK_PATH}/lib) + set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) + set(SDK_APP_LIB ${SDK_LIB_DIR}/libpenglai-enclave-eapp.a) + set(MUSL_LIB_DIR ${SDK_PATH}/musl/lib) + set(MUSL_LIBC ${MUSL_LIB_DIR}/libc.a) + set(GCC_LIB ${SDK_LIB_DIR}/libgcc.a) + set(SECGEAR_TEE_LIB ${CMAKE_BINARY_DIR}/lib/libsecgear_tee.a) + + set(SOURCE_C_OBJS "") + foreach(SOURCE_FILE ${SOURCE_FILES}) + STRING(REGEX REPLACE ".+/(.+)\\..*" "\\1" SOURCE_FILE_NAME ${SOURCE_FILE}) + set(SOURCE_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${SOURCE_FILE_NAME}.o) + add_custom_command( + OUTPUT ${SOURCE_OBJ} + DEPENDS ${SOURCE_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai -I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${SOURCE_OBJ} ${SOURCE_FILE} + COMMENT "generate SOURCE_OBJ" + ) + list(APPEND SOURCE_C_OBJS ${SOURCE_OBJ}) + endforeach() + + set(APP_C_OBJ ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.o) + add_custom_command( + OUTPUT ${APP_C_OBJ} + DEPENDS ${AUTO_FILES} + COMMAND gcc -Wall -I${SDK_INCLUDE_DIR} -I${CMAKE_CURRENT_BINARY_DIR} -I${CMAKE_BINARY_DIR}/inc + -I${LOCAL_ROOT_PATH}/inc/host_inc -I${LOCAL_ROOT_PATH}/inc/host_inc/penglai 
-I${LOCAL_ROOT_PATH}/inc/enclave_inc + -I${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai -c -o ${APP_C_OBJ} ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c + COMMENT "generate APP_C_OBJ" + ) + + add_custom_command( + OUTPUT ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + DEPENDS ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${MUSL_LIBC} ${GCC_LIB} + COMMAND ld -static -L${SDK_LIB_DIR} -L${MUSL_LIB_DIR} -L/usr/lib64 -lpenglai-enclave-eapp -lsecgear_tee -lc + -o ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} ${APP_C_OBJ} ${SOURCE_C_OBJS} ${SDK_APP_LIB} ${SECGEAR_TEE_LIB} + ${MUSL_LIBC} ${GCC_LIB} -T ${SDK_PATH}/app.lds + COMMAND chmod -x ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "generate penglai-ELF" + ) + add_custom_target( + ${OUTPUT} ALL + DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/${OUTPUT} + COMMENT "makefile target penglai-ELF" + ) + +endif() diff --git a/wallfacer 2.0/nested/enclave/Enclave.config.xml b/wallfacer 2.0/nested/enclave/Enclave.config.xml new file mode 100644 index 00000000..e94c9bc5 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/wallfacer 2.0/nested/enclave/Enclave.lds b/wallfacer 2.0/nested/enclave/Enclave.lds new file mode 100644 index 00000000..ab77e647 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/Enclave.lds @@ -0,0 +1,11 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; + diff --git a/wallfacer 2.0/nested/enclave/config_cloud.ini b/wallfacer 2.0/nested/enclave/config_cloud.ini new file mode 100644 index 00000000..8c70225e --- /dev/null +++ b/wallfacer 2.0/nested/enclave/config_cloud.ini 
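Review bot: The iTrustee whitelist in the CC_GP branch still names the helloworld sample, `set(WHITE_LIST_0 /vendor/bin/helloworld)` and `set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)`, while the host executable this patch builds is `secgear_nested` (host/CMakeLists.txt sets `OUTPUT secgear_nested`, and the earlier version of that file installed it to `/vendor/bin/`), so on a TrustZone target the TA's whitelist would presumably not admit its own client binary. Retarget the entries to this sample, e.g. `set(WHITE_LIST_1 /vendor/bin/secgear_nested)`, and drop or fix `WHITE_LIST_0`. In the CC_SGX branch, `openssl genrsa -3 -out ${PEM} 3072` regenerates the signing key on every build, so MRSIGNER changes per build and any sealing or attestation policy keyed on it will not survive a rebuild; that is acceptable for a debug demo, but a comment such as `# demo only: a throwaway signing key is generated per build; a release enclave needs a stable, protected key` would save the next reader a surprise.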
@@ -0,0 +1,60 @@ +[signSecPrivateCfg] +;;; +;private key length for signing TA: +;[fixed value] +;256 ECDSA Alg +;2048/4096 RSA Alg +secSignKeyLen = 4096 +;;; +;[fixed value] +;0 means SHA256 hash type +;1 means SHA512 hash type +secHashType = 0 +;;; +; [fixed value] +;0 means padding type is pkcs1v15 +;1 means padding type is PSS +;[fixed value] +secPaddingType = 1 +;;; +;[fixed value] +;RSA alg +;ECDSA alg +;SM2 alg +secSignAlg = RSA +;;; +;public key for encrypt TA +secEncryptKey = rsa_public_key_cloud.pem +;;; +;public key length +secEncryptKeyLen = 3072 + +[signSecPublicCfg] +;;; +;[fixed value] +; sec sign key type +;0 means debug +;1 means release +secReleaseType = 1 +;;; +;0 means TA not installed by OTRP +;1 means TA installed by OTRP +secOtrpFlag = 0 +;;; +;0 means not sign +;1 means signed by local private +;2 means signed using native sign tool; +;3 means signed by CI +;[fixed value] +secSignType = 1 +;;; +;server address for signing TA +secSignServerIp = +;;; +;private key for signing TA +;[private key owned by yourself] +secSignKey = /home/TA_cert/private_key.pem +;;; +;config file +;[signed config file by Huawei] +configPath = /home/TA_cert/secgear-app1/config diff --git a/wallfacer 2.0/nested/enclave/manifest.txt b/wallfacer 2.0/nested/enclave/manifest.txt new file mode 100644 index 00000000..d78354e6 --- /dev/null +++ b/wallfacer 2.0/nested/enclave/manifest.txt @@ -0,0 +1,7 @@ +gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 +gpd.ta.service_name: rsa-demo +gpd.ta.singleInstance: true +gpd.ta.multiSession: false +gpd.ta.instanceKeepAlive: false +gpd.ta.dataSize: 819200 +gpd.ta.stackSize: 40960 diff --git a/wallfacer 2.0/nested/enclave/nested.cpp b/wallfacer 2.0/nested/enclave/nested.cpp new file mode 100644 index 00000000..89ba0cba --- /dev/null +++ b/wallfacer 2.0/nested/enclave/nested.cpp 
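Review bot: `gpd.ta.service_name: rsa-demo` in manifest.txt is left over from the sample this TA was copied from; the appID `f68fd704-6eb1-4d14-b218-722850eb3ef0` does match the `UUID` set in nested/CMakeLists.txt, but the service name should identify this TA, e.g. `gpd.ta.service_name: nested-demo`. Since the TrustZone signing step is commented out in enclave/CMakeLists.txt, a one-line note at the top of this file that the manifest and config_cloud.ini are unsigned placeholders pending a real key would stop someone treating them as a production configuration.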
@@ -0,0 +1,243 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include
+#include
+#include
+#include "nested_t.h"
+
+#define TA_HELLO_WORLD "secgear hello world!"
+#define BUF_MAX 32
+
+
+#define ADD 1
+#define SUB 2
+#define MUL 3
+#define DIV 4
+#define EXP 5
+#define SEND 6
+#define RECIEVE 7
+
+//内部飞地定义
+class subEnclave {
+ private:
+ int subEnlaveID;
+ int tag;
+ double result;
+ double rev;
+ public:
+ subEnclave();
+ int setID(int);
+ int setTag(int);
+ double add(double, double);
+ double sub(double, double);
+ double mul(double, double);
+ double div(double, double);
+ double exp(double);
+ int get_tag();
+ int get_id();
+ friend int send(subEnclave &, subEnclave &);
+ friend int recieve(subEnclave &, subEnclave &);
+ ~subEnclave();
+};
+
+subEnclave::subEnclave() {
+ subEnlaveID = 0;
+ tag = 0;
+ result = 0;
+ rev = 0;
+ //cout << "create subenclave success" << endl;
+
+}
+
+subEnclave vec[100];
+
+int subEnclave::setID(int ID) {
+ this->subEnlaveID = ID;
+ return 0;
+}
+
+int subEnclave::setTag(int tag) {
+ this->tag = tag;
+ return 0;
+}
+
+double subEnclave::add(double a = 20, double b = 10) {
+ result = a + b;
+ return result;
+}
+
+double subEnclave::sub(double a = 20, double b = 10) {
+ result = a - b;
+ return result;
+}
+
+double subEnclave::mul(double a = 20, double b = 10) {
+ result = a * b;
+ return result;
+}
+
+double subEnclave::div(double a = 20, double b = 10) {
+ result = a / b;
+ return result;
+}
+
+double subEnclave::exp(double x = 7) {
+ result = x * x + 2 * x + 1;
+ return result;
+}
+
+int subEnclave::get_tag() {
+ return tag;
+}
+
+int subEnclave::get_id() {
+ return subEnlaveID;
+}
+
+int send(subEnclave &a, subEnclave &b) {
+ b.rev = a.result;
+ return 0;
+}
+
+int recieve(subEnclave &a, subEnclave &b) {
+ a.rev = b.result;
+ return 0;
+}
+
+subEnclave::~subEnclave() {
+ //cout << "destroy subenclave success" << endl;
+ print_destroy();
+}
+
+//////////////////////////////////////////////
+
+
+//std::vector vec;
+
+
+
+// create
+int createSubEnclave(int id)
+{
+
+ vec[id].setID(id);
+ print_create();
+ //vec.push_back(se[i]);
+ return 0;
+}
+
+// destroy
+int destroySubEnclave()
+{
+ print_destroy();
+ //vec.push_back(se[i]);
+ return 0;
+}
+
+/*
+int isExist(int ID,int num)
+{
+ int sub = -1;
+
+ for (int i = 0; i < size; i++) {
+ if (ID == arr[i].get_id()) {
+ sub = i;
+ break;
+ }
+ }
+
+ for (int i = 0; i < num; i++) {
+ if (ID == vec[i].get_id()) {
+ sub = i;
+ break;
+ }
+ }
+}
+*/
+
+//飞地内计算(ecall)
+int compute(int tag, int size, int sub, double* result) {
+ int ID[2];
+ int sub1;
+ vec[sub].setTag(tag);
+ if (tag == ADD) {
+ // cout << "result:" << arr[sub].add() << endl;
+ print_res(vec[sub].add());
+ result[0] = vec[sub].add();
+ } else if (tag == SUB) {
+ //cout << "result:" << arr[sub].sub() << endl;
+ print_res(vec[sub].sub());
+ result[0] = vec[sub].sub();
+ } else if (tag == MUL) {
+ //cout << "result:" << arr[sub].mul() << endl;
+ print_res(vec[sub].mul());
+ result[0] = vec[sub].mul();
+ } else if (tag == DIV) {
+ //cout << "result:" << arr[sub].div() << endl;
+ print_res(vec[sub].div());
+ result[0] = vec[sub].div();
+ } else if (tag == EXP) {
+ //cout << "result:" << arr[sub].exp() << endl;
+ print_res(vec[sub].exp());
+ result[0] = vec[sub].exp();
+ } else if (tag == SEND) {
+ //cout << "Please enter the subEnclaveID of the recipient:";
+ print_send_hit();
+ while (1) {
+ sub1 = -1;
+ getid(ID);
+ for (int i = 0; i < size; i++) {
+ if (ID[0] == vec[i].get_id()) {
+ sub1 = i;
+ break;
+ }
+ }
+ if (sub1 == -1) {
+ //cout << "The subEnclaveID was not found,please re-enter:";
+ print_reenter_hit();
+ continue;
+ } else
+ break;
+ }
+ send(vec[sub], vec[sub1]);
+ //cout << "Send Success!" << endl;
+ print_send();
+ } else if (tag == RECIEVE) {
+ //cout << "Please enter the subEnclaveID of the Sender:";
+ print_recieve_hit();
+ while (1) {
+ sub1 = -1;
+ //cin >> ID;
+ getid(ID);
+ for (int i = 0; i < size; i++) {
+ if (ID[0] == vec[i].get_id()) {
+ sub1 = i;
+ break;
+ }
+ }
+ if (sub1 == -1) {
+ //cout << "The subEnclaveID was not found,please re-enter:";
+ print_reenter_hit();
+ continue;
+ } else
+ break;
+ }
+ recieve(vec[sub], vec[sub1]);
+ //cout << "Recieve Success!" << endl;
+ print_recieve();
+ } else {
+ print_error();
+ }
+ return 0;
+}
+
diff --git a/wallfacer 2.0/nested/enclave/test.cpp b/wallfacer 2.0/nested/enclave/test.cpp
new file mode 100644
index 00000000..352d58bc
--- /dev/null
+++ b/wallfacer 2.0/nested/enclave/test.cpp
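Review bot: The ecalls `createSubEnclave(int id)` and `compute(int tag, int size, int sub, double* result)` index the fixed enclave-global `subEnclave vec[100]` with values that arrive straight from the untrusted host, and neither `id`, `sub` nor `size` is range-checked before `vec[id].setID(id)`, `vec[sub].setTag(tag)` and the `for (int i = 0; i < size; i++)` scans, so a host passing a negative id or one ≥ 100 reads or writes outside the array inside the enclave. Guard both entry points: `if (id < 0 || id >= 100) return -1;` at the top of `createSubEnclave`, and `if (sub < 0 || sub >= 100 || size < 0 || size > 100) return -1;` at the top of `compute`, ideally with the 100 lifted into a named constant shared with the array definition. The SEND and RECIEVE branches loop until the host's `getid` ocall returns an id that exists, so the untrusted side can keep the enclave thread spinning indefinitely; a bounded retry count or an error return after the first miss would be safer. The edl that declares `result` is not in this hunk, so I cannot confirm its `[out, size=…]` annotation covers the `result[0]` write; worth checking against the host's buffer.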
@@ -0,0 +1,247 @@ +#include +#include +using namespace std; + + +#define ADD 1 +#define SUB 2 +#define MUL 3 +#define DIV 4 +#define EXP 5 +#define SEND 6 +#define RECIEVE 7 + +//内部飞地定义 +class subEnclave { + private: + int subEnlaveID; + int tag; + double result; + double rev; + public: + subEnclave(); + int setID(int); + int setTag(int); + double add(double, double); + double sub(double, double); + double mul(double, double); + double div(double, double); + double exp(double); + int get_tag(); + int get_id(); + friend int send(subEnclave &, subEnclave &); + friend int recieve(subEnclave &, subEnclave &); + ~subEnclave(); +}; + +subEnclave::subEnclave() { + subEnlaveID = 0; + tag = 0; + result = 0; + rev = 0; + cout << "create subenclave success" << endl; +} + +int subEnclave::setID(int ID) { + + this->subEnlaveID = ID; + return 0; +} + +int subEnclave::setTag(int tag) { + this->tag = tag; + return 0; +} + +double subEnclave::add(double a = 20, double b = 10) { + result = a + b; + return result; +} + +double subEnclave::sub(double a = 20, double b = 10) { + result = a - b; + return result; +} + +double subEnclave::mul(double a = 20, double b = 10) { + result = a * b; + return result; +} + +double subEnclave::div(double a = 20, double b = 10) { + result = a / b; + return result; +} + +double subEnclave::exp(double x = 7) { + result = x * x + 2 * x + 1; + return result; +} + +int subEnclave::get_tag() { + return tag; +} + +int subEnclave::get_id() { + return subEnlaveID; +} + +int send(subEnclave &a, subEnclave &b) { + b.rev = a.result; + return 0; +} + +int recieve(subEnclave &a, subEnclave &b) { + a.rev = b.result; + return 0; +} + +subEnclave::~subEnclave() { + cout << "destroy subenclave success" << endl; +} + +bool Check_duplicates(int *arr, int num); +int compute(int tag, subEnclave *arr, int size, int sub); +int Set_subEnclaveID(subEnclave *arr, int size); +int Use_subEnclave(subEnclave *arr, int size); + +//判断重复ID +bool Check_duplicates(int *arr, int num) { + 
sort(arr, arr + num); + for (int i = 0; i < num - 1; i++) { + if (arr[i] == arr[i + 1]) + return true; + } + return false; +} + +//飞地内计算 +int compute(int tag, subEnclave *arr, int size, int sub) { + int ID; + int sub1; + arr[sub].setTag(tag); + if (tag == ADD) { + cout << "result:" << arr[sub].add() << endl; + } else if (tag == SUB) { + cout << "result:" << arr[sub].sub() << endl; + } else if (tag == MUL) { + cout << "result:" << arr[sub].mul() << endl; + } else if (tag == DIV) { + cout << "result:" << arr[sub].div() << endl; + } else if (tag == EXP) { + cout << "result:" << arr[sub].exp() << endl; + } else if (tag == SEND) { + cout << "Please enter the subEnclaveID of the recipient:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + send(arr[sub], arr[sub1]); + cout << "Send Success!" << endl; + } else if (tag == RECIEVE) { + cout << "Please enter the subEnclaveID of the Sender:"; + while (1) { + sub1 = -1; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub1 = i; + break; + } + } + if (sub1 == -1) { + cout << "The subEnclaveID was not found,please re-enter:"; + continue; + } else + break; + } + recieve(arr[sub], arr[sub1]); + cout << "Recieve Success!" << endl; + } else { + cout << "error" << endl; + } + return 0; +} + +//设置内部飞地ID +int Set_subEnclaveID(subEnclave *arr, int size) { + int ID; + int check_id[size]; + while (1) { + cout << "Please enter the subEnclaveID in turn:" << endl; + for (int i = 0; i < size; i++) { + cin >> ID; + check_id[i] = ID; + } + if (Check_duplicates(check_id, size) == true) { + cout << "Duplicate IDs were found,please re-enter!" 
<< endl << endl; + continue; + } else + break; + } + for (int i = 0; i < size; i++) { + arr[i].setID(check_id[i]); + } + return 0; +} + +//使用内部飞地 +int Use_subEnclave(subEnclave *arr, int size) { + int sub, ID, op; + while (1) { + sub = -1; + cout << "Please enter the subEnclaveID you want to operate: "; + cin >> ID; + for (int i = 0; i < size; i++) { + if (ID == arr[i].get_id()) { + sub = i; + break; + } + } + if (sub == -1) { + cout << "The subEnclaveID was not found,please re-enter!" << endl; + continue; + } + + cout << "Please enter the function you want:" << endl; + cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl; + cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl; + + cin >> op; + + if (op == 8) + continue; + if (op == 9) + break; + + compute(op, arr, size, sub); + } + return 0; +} + +int main() { + + //创建内部飞地 + int num; + cout << "Please enter the number of subEnclaves: "; + cin >> num; + subEnclave List[num]; + + //设置内部飞地ID + Set_subEnclaveID(List, num); + + //使用内部飞地 + Use_subEnclave(List, num); + return 0; +} \ No newline at end of file diff --git a/wallfacer 2.0/nested/host/CMakeLists.txt b/wallfacer 2.0/nested/host/CMakeLists.txt new file mode 100644 index 00000000..b2621947 --- /dev/null +++ b/wallfacer 2.0/nested/host/CMakeLists.txt 
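Review bot: `subEnclave List[num]` in `main` and `int check_id[size]` in `Set_subEnclaveID` are variable-length arrays sized directly from `cin` input; VLAs are not standard C++ (the project sets `CMAKE_CXX_STANDARD 11`), and a negative, zero or very large `num` gives undefined behaviour or a stack overflow before any validation runs. Read `num`, reject it with `if (!cin || num <= 0) return 1;`, then use `std::vector<subEnclave> List(num);` and `std::vector<int> check_id(size);`, passing `check_id.data()` to `Check_duplicates`, whose `sort(arr, arr + num)` works unchanged. This file is not listed in `SOURCE_FILES` of enclave/CMakeLists.txt, so it appears to be a host-side stand-in for the enclave logic that the build never compiles; a comment at the top saying so would make its purpose clear.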
@@ -0,0 +1,119 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+# http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX nested)
+#set host exec name
+set(OUTPUT secgear_nested)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
+
+#set auto code
+if(CC_GP)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SDK_PATH}/include)
+endif()
+
+if(CC_PL)
+ set(AUTO_FILES ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+ add_custom_command(OUTPUT ${AUTO_FILES}
+ DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+ COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/penglai)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS} -s")
+
+if(CC_GP)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${CMAKE_BINARY_DIR}/inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SGX)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_PL)
+ if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+ link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+ add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+ target_include_directories(${OUTPUT} PRIVATE
+ ${LOCAL_ROOT_PATH}/inc/host_inc
+ ${LOCAL_ROOT_PATH}/inc/host_inc/penglai
+ ${CMAKE_CURRENT_BINARY_DIR})
+ if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+ target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+ endif()
+endif()
+
+if(CC_SIM)
+ target_link_libraries(${OUTPUT} secgearsim pthread)
+else()
+ target_link_libraries(${OUTPUT} secgear pthread)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+ #itrustee install whitelist /vender/bin/teec_hello
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION /vendor/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_SGX)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
+
+if(CC_PL)
+ install(TARGETS ${OUTPUT}
+ RUNTIME
+ DESTINATION ${CMAKE_BINARY_DIR}/bin/
+ PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ)
+endif()
diff --git a/wallfacer 2.0/nested/host/main.cpp b/wallfacer 2.0/nested/host/main.cpp
new file mode 100644
index 00000000..6eea03c4
--- /dev/null
+++ b/wallfacer 2.0/nested/host/main.cpp
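Review bot: `-fPIE` and the release-only `-s` are appended to `CMAKE_C_FLAGS`, but `SOURCE_FILE` is main.cpp, so these flags reach only the generated `nested_u.c`; main.cpp is compiled without them and no `-pie` link flag is set, so `secgear_nested` is not a position-independent executable unless the toolchain defaults to one. Add `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fPIE")` next to the C line and `set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -pie")`, or set `POSITION_INDEPENDENT_CODE ON` on the target and let policy CMP0083 emit the link flag. While here, the comment `#itrustee install whitelist /vender/bin/teec_hello` above the `CC_GP` install block is left over from the template it was copied from and names a different binary and path than the `/vendor/bin/` destination below it; it should name `secgear_nested`.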
@@ -0,0 +1,170 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include
+#include
+#include
+#include
+#include "enclave.h"
+#include "nested_u.h"
+#include "string.h"
+using namespace std;
+
+#define BUF_LEN 32
+
+void print_res(double result_)
+{
+ cout << result_ << endl;
+}
+
+void print_error()
+{
+ cout << "error" << endl;
+}
+
+void print_create()
+{
+ cout << "create subenclave success" << endl;
+}
+
+void print_destroy()
+{
+ cout << "destroy subenclave success" << endl;
+}
+
+void getid(int* id)
+{
+ cin >> id[0];
+}
+
+
+void print_send()
+{
+ cout << "Send Success!" << endl;
+}
+
+void print_recieve()
+{
+ cout << "Recieve Success!" << endl;
+}
+
+void print_send_hit()
+{
+ cout << "Please enter the subEnclaveID of the recipient:";
+}
+
+void print_recieve_hit()
+{
+ cout << "Please enter the subEnclaveID of the Sender:";
+}
+
+void print_reenter_hit()
+{
+ cout << "The subEnclaveID was not found,please re-enter:";
+}
+
+int main()
+{
+ int retval = 0;
+ char *path = PATH;
+ char buf[BUF_LEN];
+ cc_enclave_t context = {};
+ cc_enclave_result_t res = CC_FAIL;
+
+ char real_p[PATH_MAX];
+ /* check file exists, if not exist then use absolute path */
+ if (realpath(path, real_p) == NULL) {
+ if (getcwd(real_p, sizeof(real_p)) == NULL) {
+ printf("Cannot find enclave.sign.so");
+ goto end;
+ }
+ if (PATH_MAX - strlen(real_p) <= strlen("/enclave.signed.so")) {
+ printf("Failed to strcat enclave.sign.so path");
+ goto end;
+ }
+ (void)strcat(real_p, "/enclave.signed.so");
+ }
+
+ res = cc_enclave_create(real_p, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
+ if (res != CC_SUCCESS) {
+ printf("host create enclave error\n");
+ goto end;
+ }
+ printf("host create enclave success\n");
+
+ /*
+ res = get_string(&context, &retval, buf);
+ if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+ printf("Ecall enclave error\n");
+ } else {
+ printf("enclave say:%s\n", buf);
+ }
+ */
+
+ int num;
+ cout << "Please enter the number of subEnclaves: ";
+ cin >> num;
+ double result_[2];
+ //cin >> ID;
+
+ //res = compute();
+ //cout << result_[0];
+ for (int i = 0;i < num;i++) {
+ res = createSubEnclave(&context, &retval, i);
+ }
+
+ int sub, ID, op;
+ while (1) {
+ sub = -1;
+ cout << "Please enter the subEnclaveID you want to operate: ";
+ cin >> ID;
+ //判断存在
+ for (int i = 0; i < num; i++) {
+ if (ID == i) {
+ sub = i;
+ break;
+ }
+ }
+ if (sub == -1) {
+ cout << "The subEnclaveID was not found,please re-enter!" << endl;
+ continue;
+ }
+
+ cout << "Please enter the function you want:" << endl;
+ cout << "1.ADD 2.SUB 3.MUL 4.DIV 5.EXP" << endl;
+ cout << "6.SEND 7.RECV 8.SKIP 9.EXIT" << endl;
+
+ cin >> op;
+
+ if (op == 8)
+ continue;
+ if (op == 9)
+ break;
+
+ res = compute(&context, &retval,op, num, sub, result_);
+ }
+
+ for (int i = 0;i < num;i++) {
+ res = destroySubEnclave(&context, &retval);
+ }
+
+
+
+ res = cc_enclave_destroy(&context);
+ if(res != CC_SUCCESS) {
+ printf("host destroy enclave error\n");
+ } else {
+ printf("host destroy enclave success\n");
+ }
+end:
+ return res;
+}
diff --git a/wallfacer 2.0/nested/nested.edl b/wallfacer 2.0/nested/nested.edl
new file mode 100644
index 00000000..7dc9df48
--- /dev/null
+++ b/wallfacer 2.0/nested/nested.edl
@@ -0,0 +1,37 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ * http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+ include "secgear_urts.h"
+ from "secgear_tstdc.edl" import *;
+ trusted {
+ public int compute(int tag, int size, int sub, [out, size=32]double* _result);
+
+ public int isExist(int ID, int num);
+
+ public int createSubEnclave(int num);
+
+ public int destroySubEnclave();
+ };
+ untrusted {
+ void print_res(double res);
+ void print_error();
+ void print_create();
+ void print_destroy();
+ void getid([in,out,size = 32]int* id);
+ void print_send();
+ void print_recieve();
+ void print_send_hit();
+ void print_recieve_hit();
+ void print_reenter_hit();
+ };
+};
-- Gitee
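Review bot: `double result_[2]` is a 16-byte stack buffer, but `compute` is declared in nested.edl as `[out, size=32]double* _result`, so the bridge generated from that EDL copies the declared 32 bytes back into `result_` after every ecall and overruns the host stack. Size the buffer to the declared contract, `double result_[4]; /* 32 bytes: must match [out, size=32] in nested.edl */`, or shrink the EDL size to what the host actually allocates. Separately, `res = createSubEnclave(&context, &retval, i)` and `res = compute(...)` overwrite `res` on each iteration and neither `res` nor `retval` is ever inspected, so a failed sub-enclave creation is silently followed by `compute` calls against an index the enclave never set up; check both values after each call and `goto end` (or skip that index) on failure. The enclave is also created with `SECGEAR_DEBUG_FLAG`, which lets the untrusted side read enclave memory with a debugger, so nothing the sub-enclaves hold is confidential until a non-debug flag is used for anything beyond a demo build. Finally, `cin >> num` and `cin >> ID` have no failure handling: a non-numeric token puts `cin` into a failed state, every later extraction becomes a no-op, and the `while (1)` loop prints the not-found prompt forever.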
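Review bot: The marshalling sizes in this interface are hard-coded byte counts that disagree with the host objects they are applied to: `compute` declares `[out, size=32]double* _result` while host main.cpp passes `double result_[2]` (16 bytes), and `getid` declares `[in,out,size = 32]int* id` for what the host `getid` fills as a single `int`. Express them in elements instead, `[out, count=2] double* _result` and `[out] int* id` (one element of the pointee type), so the generated bridges copy exactly what the host allocates; this assumes the enclave side reads only `id[0]`, which I cannot confirm from this hunk because nested.cpp is not in it. Every `trusted` entry is `public`, so any code in the host process, not only main.cpp, can invoke `compute(tag, size, sub, ...)` with arbitrary `size` and `sub`; the enclave implementation must bounds-check `sub` against the sub-enclaves it actually created and must not use the host-supplied `size` as a trusted array bound. `isExist` is declared but never called from main.cpp in this patch; if nothing else needs it, drop it rather than widen the ecall surface.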