From be78c1841199749b27c027c3215ad27d5d5c2cd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:18:11 +0000
Subject: [PATCH 01/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20wallfacer3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 wallfacer3/.keep

diff --git a/wallfacer3/.keep b/wallfacer3/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 15d7cebf9f18beeb13ea4be092d162cb308d7e2f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:19:36 +0000
Subject: [PATCH 02/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20image?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/image/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 wallfacer3/image/.keep

diff --git a/wallfacer3/image/.keep b/wallfacer3/image/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From b82b1ec6a173017e7e5478b365d94907cd78c800 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:19:46 +0000
Subject: [PATCH 03/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20wa?=
 =?UTF-8?q?llfacer3/image/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/image/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 wallfacer3/image/.keep

diff --git a/wallfacer3/image/.keep b/wallfacer3/image/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 40be5279307086f4a8260becabab0f483e2344a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:20:10 +0000
Subject: [PATCH 04/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20image?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/image/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 wallfacer3/image/.keep

diff --git a/wallfacer3/image/.keep b/wallfacer3/image/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 78dc03e41276fdca0f079f5a1666cec50c385e25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:20:36 +0000
Subject: [PATCH 05/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20verify?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/verify/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 wallfacer3/verify/.keep

diff --git a/wallfacer3/verify/.keep b/wallfacer3/verify/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 8d62b1de83cca8be00551be668f75bad631d1f5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:20:45 +0000
Subject: [PATCH 06/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20encrypt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/encrypt/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 wallfacer3/encrypt/.keep

diff --git a/wallfacer3/encrypt/.keep b/wallfacer3/encrypt/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 40639f0cc6279f22898e47d044e659f4846510e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:21:29 +0000
Subject: [PATCH 07/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20enclave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/encrypt/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 wallfacer3/encrypt/enclave/.keep

diff --git a/wallfacer3/encrypt/enclave/.keep b/wallfacer3/encrypt/enclave/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From d1d5e44f7899f007c6ca1b8528b4a1e14427b990 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Thu, 10 Nov 2022 13:22:54 +0000
Subject: [PATCH 08/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20wa?=
 =?UTF-8?q?llfacer3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 wallfacer3/.keep                 | 0
 wallfacer3/encrypt/.keep         | 0
 wallfacer3/encrypt/enclave/.keep | 0
 wallfacer3/image/.keep           | 0
 wallfacer3/verify/.keep          | 0
 5 files changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 wallfacer3/.keep
 delete mode 100644 wallfacer3/encrypt/.keep
 delete mode 100644 wallfacer3/encrypt/enclave/.keep
 delete mode 100644 wallfacer3/image/.keep
 delete mode 100644 wallfacer3/verify/.keep

diff --git a/wallfacer3/.keep b/wallfacer3/.keep
deleted file mode 100644
index e69de29b..00000000
diff --git a/wallfacer3/encrypt/.keep b/wallfacer3/encrypt/.keep
deleted file mode 100644
index e69de29b..00000000
diff --git a/wallfacer3/encrypt/enclave/.keep b/wallfacer3/encrypt/enclave/.keep
deleted file mode 100644
index e69de29b..00000000
diff --git a/wallfacer3/image/.keep b/wallfacer3/image/.keep
deleted file mode 100644
index e69de29b..00000000
diff --git a/wallfacer3/verify/.keep b/wallfacer3/verify/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 2d427a817f956df53d036c1d46a0347047dbf73c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Fri, 11 Nov 2022 08:58:54 +0000
Subject: [PATCH 09/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20docker4secgear?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/.keep

diff --git a/docker4secgear/.keep b/docker4secgear/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From c4a0de72804f2a68fac63b50b12181b19a57bf02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Fri, 11 Nov 2022 08:59:46 +0000
Subject: [PATCH 10/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/.keep

diff --git a/docker4secgear/.keep b/docker4secgear/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From bd2cbe0f05f00f5c3cda67b8077c1a2511e692fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:30:05 +0000
Subject: [PATCH 11/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20docker4secgear?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/.keep

diff --git a/docker4secgear/.keep b/docker4secgear/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 1e1a8fae6ab96707c2f3bb8528c577b34a44c5b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:30:32 +0000
Subject: [PATCH 12/44] README
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/README.md | 63 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 docker4secgear/README.md

diff --git a/docker4secgear/README.md b/docker4secgear/README.md
new file mode 100644
index 00000000..1ccef24a
--- /dev/null
+++ b/docker4secgear/README.md
@@ -0,0 +1,63 @@
+# openEuler secGear Docker
+
+#### 简介
+
+该容器镜像为基于openEuler系统 带有Intel SGX SDK的Docker映像，于`\home`路径下封装了`Wallfacer`平台接口，身份认证模块位于`\home\wallfacer_code\verify`下，动态密钥生成模块位于`\home\wallfacer_code\encrypt`下。
+
+#### 部署
+
+由于`gitee`限制，无法上传完整镜像，请基于`/docker`路径下运行`./create.sh`进行容器端的基本支持环境部署。
+
+#### 运行
+
+必须在宿主机上加载Intel SGX内核模块 并且在运行它时必须将它提供给容器:
+
+```bash
+docker run -d --device /dev/isgx --device /dev/mei0 --name test-secgear tozd/sgx:ubuntu-xenial
+docker exec -t -i test-sgx bash
+```
+
+secGear SDK部署于`/opt/intel/sgxsdk`下，需要在bash脚本中加载SDK环境。
+
+```bash
+source /opt/intel/sgxsdk/environment
+```
+
+## 云容器引擎CCE管理Wallfacer项目容器
+
+#### 使用步骤：
+
+完整的云容器引擎使用流程包含以下步骤
+
+![img](https://support.huaweicloud.com/qs-cce/zh-cn_image_0000001325721374.png)
+
+#### 创建集群
+
+* 登录CCE控制台
+* 在CCE集群下单击“创建”
+* 配置集群参数：
+  * 集群版本：建议选择最新的版本，对应Kubernetes社区基线版本。
+  * 网络模型：默认即可。
+  * 控制节点数：默认选择“3”。
+  * 集群规模：按需设置。
+  * 控制节点子网：根据实际部署需求设置集群Master节点所在的子网。
+  * 容器网段：按默认配置即可。
+
+#### 镜像服务
+
+* 使用解压工具将`./image`路径下的`iccnsg.tar`文件进行解压缩
+* 使用`UltraSO`工具，对解压得到的iccnsg文件夹进行刻录，得到iccnsg.iso镜像文件
+
+* 选择私有镜像服务
+* 选择导入镜像——导入私有镜像
+* 选择系统盘镜像，并选择现有桶/或创建桶，将本地iccnsg.iso挂载入桶中
+* 选择配置信息
+  * ECS系统盘镜像
+  * **选择x86架构**
+  * BIOS启动方式
+  * 操作系统选择openEuler 20.03 64bit
+
+#### 创建节点
+
+* 单击创建的集群，进入集群控制台
+* 在左侧菜单栏选择节点管理，单击右上角“创建节点”，在弹出的页面中配置节点的参数。
-- 
Gitee


From c688a2ab56aa5649880ed1822ba502ff30613522 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:30:38 +0000
Subject: [PATCH 13/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/.keep

diff --git a/docker4secgear/.keep b/docker4secgear/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 21bcc0d28ef9fb20d75c9cfef05275eccde46607 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:30:51 +0000
Subject: [PATCH 14/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20docker?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/docker/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/docker/.keep

diff --git a/docker4secgear/docker/.keep b/docker4secgear/docker/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 14a0d1053dd844e5c66f10f8a4d031f44007b1af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:30:58 +0000
Subject: [PATCH 15/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20encrypt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/encrypt/.keep

diff --git a/docker4secgear/encrypt/.keep b/docker4secgear/encrypt/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 947700d2065b263f4b72310e441afec3863088f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:31:05 +0000
Subject: [PATCH 16/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20verify?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/verify/.keep

diff --git a/docker4secgear/verify/.keep b/docker4secgear/verify/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 930c2a8283fed80b5fe69fcaf141222958957b6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:31:40 +0000
Subject: [PATCH 17/44] create container for secgear
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/docker/create.sh | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 docker4secgear/docker/create.sh

diff --git a/docker4secgear/docker/create.sh b/docker4secgear/docker/create.sh
new file mode 100644
index 00000000..4592f45c
--- /dev/null
+++ b/docker4secgear/docker/create.sh
@@ -0,0 +1,21 @@
+#! /bin/bash
+#test
+echo "pull docker with sgx module"
+echo ""
+docker pull tozd/sgx:latest
+echo "docker start"
+echo "========================================================"
+docker run -d --device /dev/isgx --device /dev/mei0 --name iccnsg tozd/sgx:ubuntu-xenial
+echo "copy wallfacer enclave"
+echo "========================================================"
+docker cp ./docker4secgear/encrypt iccnsg:/home
+docker cp ./docker4secgear/verify iccnsg:/home
+echo "container start"
+echo "========================================================"
+docker exec -t -i iccnsg /bin/bash
+echo "install sdk"
+echo "========================================================"
+yum install python
+yum install g++
+yum install secGear
+yum install secGear-devel
-- 
Gitee


From af9d348983a413a9798a098bbf4b6802caea621b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:31:46 +0000
Subject: [PATCH 18/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/docker/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/docker/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/docker/.keep

diff --git a/docker4secgear/docker/.keep b/docker4secgear/docker/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 5ab17e7bd5f311d00be6003043d2e327c1a7eca1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:32:00 +0000
Subject: [PATCH 19/44] save image
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/docker/image.sh | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 docker4secgear/docker/image.sh

diff --git a/docker4secgear/docker/image.sh b/docker4secgear/docker/image.sh
new file mode 100644
index 00000000..c04b6560
--- /dev/null
+++ b/docker4secgear/docker/image.sh
@@ -0,0 +1 @@
+docker save -o iccnsg.tar.gz iccnsg
\ No newline at end of file
-- 
Gitee


From 248063d63f413ce299d7ed4b65f9b792da61349c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:32:36 +0000
Subject: [PATCH 20/44] .DS_Store
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/encrypt/.DS_Store | Bin 0 -> 6148 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/encrypt/.DS_Store

diff --git a/docker4secgear/encrypt/.DS_Store b/docker4secgear/encrypt/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..d54187715e6e22b85a28e6447303299d877f50f7
GIT binary patch
literal 6148
zcmeHK%}T>S5T0$TO({YT3VI88Ets}a5ig<E7cim+m718K!I&-m%b^r<*BA0dd>&_Z
zH(<2~Pa<{(cE8#A+0A^A{Q&^cn}#ib1^`&t2n8uCgv={lB@;|2)Eqv{APTbaFi2KR
z^cPL^?Nx{%g?mWg)A!2&J#WD<iN_Pic^9Q}Wn;5yRjs;p>pjZMoA{IIxaW_qX>=iF
z5)`^0T*gs0Xl$R#bmGTpG*St17-7iGRh))0>&a;vj#aLw9ahb%4H|p%dAsE}O}o=Q
zS~TtXaU1o+PIs}WSv&g&C+CBw<T;funoEJSE7>wwz$+?W%9?qjG?D28dWx(fnvoe`
z2ABb6V67N1$ADE|tE#zJW`G&^2?Ml0*w_eNgSkevbzn!=XYyAFNl>S^1fgxvHJEEe
z4~o#Kh&ol6Cx+1JXtzzAYcSWS(?O_}aUQdB@putxb+p?m9E7WpduD(cSZ1KChYdRa
z&+wO7`N&^R;Sn>y4E!?&M5XWbdsvh?Tfdb@XRVFx4jT!@<)omXzH|w|0qrBZ%BlS}
a=@{o4%r(+1WLN2kd=XHDaK{Y%0s|lASxlk;

literal 0
HcmV?d00001

-- 
Gitee


From 60d9d531ea3de120401cc7975f3ea4322e8750ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:32:41 +0000
Subject: [PATCH 21/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/encrypt/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/encrypt/.keep

diff --git a/docker4secgear/encrypt/.keep b/docker4secgear/encrypt/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 9951ac9665df487f3a49b37c54af035d3b5d2d79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:32:50 +0000
Subject: [PATCH 22/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20enclave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/encrypt/enclave/.keep

diff --git a/docker4secgear/encrypt/enclave/.keep b/docker4secgear/encrypt/enclave/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 763c83a4f4deb774ad50b804bd2e28deb1c756b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:33:08 +0000
Subject: [PATCH 23/44] .DS_Store
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/encrypt/enclave/.DS_Store | Bin 0 -> 6148 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/encrypt/enclave/.DS_Store

diff --git a/docker4secgear/encrypt/enclave/.DS_Store b/docker4secgear/encrypt/enclave/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..f83b41867ce3f6bb0ed9c7c8a277c31804e3eb67
GIT binary patch
literal 6148
zcmeHKOHRW;4E2;q1R<m@S<V8)hD~oUlyHJx0Mb@;kua6`NbDkR#2q*XXW#^g=dl|S
zrAVw00$cLDi9d1j62&nQx#|64LNq3#9LhM_!?H!#&pMEiTG;8*Ij-n|meuuSHjjg7
zGyFyd_}T5!l5S{D6?L9py_U;;dLBm9u_($amhj{U=a2Edd^y_|wfIKVdc|+crrH}9
z&1glDZs|_mq>b<Bwd?C%1MJ5qr|BBn+&X?%-{$Yv4G1wY28;n?;NLKSp3Rc)3)*T7
z7z4&Y%K(2LJd`mgHiGHXfhCOqzzpUj*z+vGIbJa+HiGa#oTLIJ)#-@gBpr6IaY3;W
zlyq`Bd^oM_bV6~dI?nG?IJqEbt1(~<^cmQZ!!h^&i?8SZev%y-1IECgV!&m^teE1K
yw6_j!j(e?#UP4(ot`Tfgut}{LvD}Iep-Eu(ya5KqMi3T={Rku)Y%vCYlz|Tpp+<`U

literal 0
HcmV?d00001

-- 
Gitee


From 6a9afc4dad1d660e5d20e693d8c1788b64732cd1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:33:21 +0000
Subject: [PATCH 24/44] CMakeList
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/encrypt/enclave/CMakeLists.txt | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 docker4secgear/encrypt/enclave/CMakeLists.txt

diff --git a/docker4secgear/encrypt/enclave/CMakeLists.txt b/docker4secgear/encrypt/enclave/CMakeLists.txt
new file mode 100644
index 00000000..0f5d3ab8
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/CMakeLists.txt
@@ -0,0 +1,35 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+project(enclave  C)
+
+set(CMAKE_C_STANDARD 99)
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE enclave.edl)
+
+if(CC_GP)
+    set(CODETYPE trustzone)
+    set(CODEGEN codegen_arm64)
+    execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
+    string(REPLACE "\n" "" UUID ${UUID})
+    add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if(CC_SGX)
+    set(CODETYPE sgx)
+    set(CODEGEN codegen_x86_64)
+    add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
-- 
Gitee


From 434cf7c175ac934152f40eec1f5dbcfb43cdecc3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:33:26 +0000
Subject: [PATCH 25/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/encrypt/enclave/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/encrypt/enclave/.keep

diff --git a/docker4secgear/encrypt/enclave/.keep b/docker4secgear/encrypt/enclave/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 374cb195feb96596fe958a1cf4b53c0697c68ca1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:33:36 +0000
Subject: [PATCH 26/44] enclave.edl
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/encrypt/enclave/enclave.edl | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 docker4secgear/encrypt/enclave/enclave.edl

diff --git a/docker4secgear/encrypt/enclave/enclave.edl b/docker4secgear/encrypt/enclave/enclave.edl
new file mode 100644
index 00000000..77bc7c74
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave.edl
@@ -0,0 +1,28 @@
+/*S
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+enclave {
+    include "secgear_urts.h"
+    from "secgear_tstdc.edl" import *; 
+    trusted {
+	public int get_int();
+        public int get_string([out, size=80]unsigned char *buf);
+        public void transname([in,size=20]char *name);
+        public void transpsw([in,size=56]char *psw);
+        public void transinfo([in,size=31]char *info);
+        public void transcipher([in,size=64]char *cipher);
+        public void sm3();
+        public void sm4crypt(int len);
+        public void desm4crypt();
+
+    };
+};
-- 
Gitee


From db9a275053107362106f402a5fe3647306108723 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:33:45 +0000
Subject: [PATCH 27/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20enclave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/enclave/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/encrypt/enclave/enclave/.keep

diff --git a/docker4secgear/encrypt/enclave/enclave/.keep b/docker4secgear/encrypt/enclave/enclave/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From e2a05d267c16888084196271313e12deeb184b3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:33:59 +0000
Subject: [PATCH 28/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20host?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/enclave/host/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/encrypt/enclave/host/.keep

diff --git a/docker4secgear/encrypt/enclave/host/.keep b/docker4secgear/encrypt/enclave/host/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 0753b8bde15c5bf61adba503e5a6a1553ae75b6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:34:24 +0000
Subject: [PATCH 29/44] enclave
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 .../encrypt/enclave/enclave/CMakeLists.txt    | 160 +++
 .../enclave/enclave/Enclave.config.xml        |  12 +
 .../encrypt/enclave/enclave/Enclave.lds       |  11 +
 .../encrypt/enclave/enclave/common_utils.h    |  58 ++
 .../encrypt/enclave/enclave/hello.c           | 915 ++++++++++++++++++
 .../encrypt/enclave/enclave/manifest.txt.in   |   8 +
 .../enclave/enclave/rsa_public_key_cloud.pem  |  11 +
 docker4secgear/encrypt/enclave/enclave/sm3.h  | 190 ++++
 docker4secgear/encrypt/enclave/enclave/sm4.h  | 102 ++
 9 files changed, 1467 insertions(+)
 create mode 100644 docker4secgear/encrypt/enclave/enclave/CMakeLists.txt
 create mode 100644 docker4secgear/encrypt/enclave/enclave/Enclave.config.xml
 create mode 100644 docker4secgear/encrypt/enclave/enclave/Enclave.lds
 create mode 100644 docker4secgear/encrypt/enclave/enclave/common_utils.h
 create mode 100644 docker4secgear/encrypt/enclave/enclave/hello.c
 create mode 100644 docker4secgear/encrypt/enclave/enclave/manifest.txt.in
 create mode 100644 docker4secgear/encrypt/enclave/enclave/rsa_public_key_cloud.pem
 create mode 100644 docker4secgear/encrypt/enclave/enclave/sm3.h
 create mode 100644 docker4secgear/encrypt/enclave/enclave/sm4.h

diff --git a/docker4secgear/encrypt/enclave/enclave/CMakeLists.txt b/docker4secgear/encrypt/enclave/enclave/CMakeLists.txt
new file mode 100644
index 00000000..89af399b
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/CMakeLists.txt
@@ -0,0 +1,160 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX enclave)
+
+#set sign key
+set(PEM Enclave_private.pem)
+
+#set sign tool
+set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
+
+#set enclave src code
+set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/hello.c)
+
+#set log level
+set(PRINT_LEVEL 3)
+add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+
+if(CC_GP)
+    #set signed output
+    set(OUTPUT ${UUID}.sec)
+    #set itrustee device key
+    set(DEVICEPEM ${CMAKE_CURRENT_SOURCE_DIR}/rsa_public_key_cloud.pem)
+    #set whilelist. default: /vendor/bin/teec_hello
+    set(WHITE_LIST_0 /vendor/bin/enclave)
+    set(WHITE_LIST_OWNER root)
+    set(WHITE_LIST_1 /vendor/bin/secgear_enclave)
+    set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+    set(OUTPUT enclave.signed.so)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include)
+endif()
+
+set(COMMON_C_FLAGS "-W -Wall -Werror  -fno-short-enums  -fno-omit-frame-pointer -fstack-protector \
+	-Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
+	-fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
+        -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
+
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+
+if(CC_GP)
+    configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt")
+
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS}  -march=armv8-a ")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s -fPIC")
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-s")
+    
+    set(ITRUSTEE_TEEDIR ${iTrusteeSDK}/)
+    set(ITRUSTEE_LIBC ${iTrusteeSDK}/thirdparty/open_source/musl/libc)
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_BINARY_DIR}/lib/)
+    endif()
+
+    add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories( ${PREFIX} PRIVATE
+	${CMAKE_CURRENT_BINARY_DIR}
+	${LOCAL_ROOT_PATH}/inc/host_inc
+	${LOCAL_ROOT_PATH}/inc/host_inc/gp
+	${LOCAL_ROOT_PATH}/inc/enclave_inc
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
+	${ITRUSTEE_TEEDIR}/include/TA
+	${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
+	${ITRUSTEE_LIBC}/arch/aarch64
+	${ITRUSTEE_LIBC}/
+	${ITRUSTEE_LIBC}/arch/arm/bits
+	${ITRUSTEE_LIBC}/arch/generic
+	${ITRUSTEE_LIBC}/arch/arm
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${PREFIX} PRIVATE
+	        ${CMAKE_BINARY_DIR}/lib/)
+    endif()
+
+    foreach(WHITE_LIST ${WHITELIST})
+	    add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
+    endforeach(WHITE_LIST)
+    add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
+
+    target_link_libraries(${PREFIX} -lsecgear_tee)
+
+    add_custom_command(TARGET ${PREFIX}
+	      POST_BUILD
+              COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -m ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt 
+	      		-e ${DEVICEPEM} -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
+
+    install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}  
+        DESTINATION /data
+        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE  WORLD_READ  WORLD_EXECUTE)
+
+endif()
+
+if(CC_SGX)
+    set(SGX_DIR ${SGXSDK})
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+    set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
+
+    if(CC_SIM)
+        set(Trts_Library_Name sgx_trts_sim)
+        set(Service_Library_Name sgx_tservice_sim)
+    else()
+        set(Trts_Library_Name sgx_trts)
+        set(Service_Library_Name sgx_tservice)
+    endif()
+
+    set(Crypto_Library_Name sgx_tcrypto)
+
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
+	-Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 
+        link_directories(${LINK_LIBRARY_PATH})
+    endif()
+
+    add_library(${PREFIX}  SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories(${PREFIX} PRIVATE
+	    ${CMAKE_CURRENT_BINARY_DIR}
+	    ${SGX_DIR}/include/tlibc
+	    ${SGX_DIR}/include/libcxx
+	    ${SGX_DIR}/include
+	    ${LOCAL_ROOT_PATH}/inc/host_inc
+	    ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
+    
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 
+        target_link_directories(${PREFIX} PRIVATE
+	        ${LINK_LIBRARY_PATH})
+    endif()
+
+    target_link_libraries(${PREFIX}  -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive 
+    		-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name}   -Wl,--end-group)
+    add_custom_command(TARGET ${PREFIX} 
+    POST_BUILD
+    COMMAND umask 0177
+    COMMAND openssl genrsa -3 -out ${PEM} 3072
+    COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
+endif()
+
+set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
diff --git a/docker4secgear/encrypt/enclave/enclave/Enclave.config.xml b/docker4secgear/encrypt/enclave/enclave/Enclave.config.xml
new file mode 100644
index 00000000..e94c9bc5
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/Enclave.config.xml
@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>
diff --git a/docker4secgear/encrypt/enclave/enclave/Enclave.lds b/docker4secgear/encrypt/enclave/enclave/Enclave.lds
new file mode 100644
index 00000000..ab77e647
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/Enclave.lds
@@ -0,0 +1,11 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};
+
diff --git a/docker4secgear/encrypt/enclave/enclave/common_utils.h b/docker4secgear/encrypt/enclave/enclave/common_utils.h
new file mode 100644
index 00000000..bd8c6471
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/common_utils.h
@@ -0,0 +1,58 @@
+#ifndef SECGEAR_SM_COMMON_UTILS
+#define SECGEAR_SM_COMMON_UTILS
+
+#include <ctype.h>
+
+typedef __uint8_t uint8;
+typedef __uint16_t uint16;
+typedef __uint32_t uint32;
+typedef __uint64_t uint64;
+
+#define CONCAT_8x4(x0, x1, x2, x3) ((((uint32)(x0) << 8 | (x1)) << 8 | (x2)) << 8 | (x3)) // X = (x0 || x1 || x2 || x3)
+#define CONCAT_16x2(x0, x1) ((uint32)(x0) << 16 | (x1)) // X = (x0 || x1)
+#define EXTRACT_8_32(X, i) (((X) >> (((i) ^ 3) << 3)) & 0xFF) // X = (x0 || x1 || x2 || x3)
+#define EXTRACT_16_32(X, i) (((X) >> (((i) ^ 1) << 4)) & 0xFFFF) // X = (x0 || x1)
+#define EXTRACT_16H_31(X) (((X) >> 15) & 0xFFFF) // Higher 16-bit from 31-bit
+#define EXTRACT_16L_31(X) ((X) & 0xFFFF) // Lower 16-bit from 31-bit
+
+#define ROTATE(a, n) (((a) << (n)) | (((a) & 0xFFFFFFFF) >> (32 - (n))))
+#define ROTATE_31(a, n) ((((a) << (n)) & 0x7FFFFFFF) | (((a) & 0x7FFFFFFF) >> (31 - (n))))
+
+#define GET_BIT_VALUE_32(x, i) (((x) >> (31 - (i))) & 1)
+
+const uint32 PREFIX_MASK_32[32] = {
+    0x00000000,
+    0x80000000, 
+    0xC0000000, 
+    0xE0000000, 
+    0xF0000000, 
+    0xF8000000, 
+    0xFC000000, 
+    0xFE000000, 
+    0xFF000000, 
+    0xFF800000, 
+    0xFFC00000, 
+    0xFFE00000, 
+    0xFFF00000, 
+    0xFFF80000, 
+    0xFFFC0000, 
+    0xFFFE0000, 
+    0xFFFF0000, 
+    0xFFFF8000, 
+    0xFFFFC000, 
+    0xFFFFE000, 
+    0xFFFFF000, 
+    0xFFFFF800, 
+    0xFFFFFC00, 
+    0xFFFFFE00, 
+    0xFFFFFF00, 
+    0xFFFFFF80, 
+    0xFFFFFFC0, 
+    0xFFFFFFE0, 
+    0xFFFFFFF0, 
+    0xFFFFFFF8, 
+    0xFFFFFFFC, 
+    0xFFFFFFFE
+};
+
+#endif
\ No newline at end of file
diff --git a/docker4secgear/encrypt/enclave/enclave/hello.c b/docker4secgear/encrypt/enclave/enclave/hello.c
new file mode 100644
index 00000000..d2fa5f44
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/hello.c
@@ -0,0 +1,915 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include "enclave_t.h"
+
+#define BUF_MAX 32
+#define Mkey  "admin"  //主密钥，用于生成存储密钥
+char uname[20];//用户名
+char upsw[56];//用户密码
+char buff[80];//用户名与密码相连字符串
+char uinfo[31];//用户机密信息,字符串
+char ucipher[64];//用户十六进制密文字符串
+char c[32];//用户十六进制转字符串
+unsigned char cipt[40];//sm3加密后生成的存储密钥
+int num=0;
+char key[16];//sm4加密密钥
+char acipt[40];//sm4加密后生成的信息密文
+char temp[32];
+int nnn;
+
+
+
+void transname(char *name)//获得用户名
+{
+    strncpy(uname,name, strlen(name));
+}
+void transpsw(char *psw)//获得用户密码
+{
+    strncpy(upsw,psw, strlen(psw));
+}
+void transinfo(char *info)//获得用户机密信息
+{
+    strncpy(uinfo,info, strlen(info));
+}
+void transcipher(char *cipher)//获得用户机密信息
+{
+    strncpy(ucipher,cipher, strlen(cipher));
+}
+
+//SM3
+
+#include "sm3.h"
+
+void sm3()
+{
+	strncpy(buff, uname, strlen(uname));//获得用户名
+	strncat(buff, upsw, strlen(upsw));//连接用户密码
+	strncat(buff, Mkey, strlen(Mkey));//连接用户密码
+    SM3_CTX c;
+    sm3_init(&c);
+    sm3_update(&c, buff, strlen(buff));
+    sm3_final(&c, cipt);
+}
+
+//SM4加密算法
+
+#include "sm4.h"
+
+/**
+ * S盒
+ */
+static const int S[16][16] = 
+{ 
+    {
+        0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 
+        0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76
+    },
+	{
+        0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 
+        0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0
+    },
+	{
+        0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 
+        0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15
+    },
+	{
+        0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 
+        0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75
+    },
+	{
+        0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 
+        0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84
+    },
+	{
+        0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 
+        0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf
+    },
+	{
+        0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 
+        0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8
+    },
+	{
+        0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 
+        0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2
+    },
+	{
+        0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 
+        0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73
+    },
+	{
+        0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 
+        0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb
+    },
+	{
+        0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 
+        0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79
+    },
+	{
+        0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 
+        0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08
+    },
+	{
+        0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 
+        0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a
+    },
+	{
+        0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 
+        0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e
+    },
+	{
+        0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 
+        0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf
+    },
+	{
+        0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 
+        0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+    }
+};
+/**
+ * 逆S盒
+ */
+static const int S2[16][16] = 
+{ 
+    {
+        0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 
+        0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb
+    },
+	{
+        0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 
+        0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb
+    },
+	{
+        0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 
+        0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e
+    },
+	{
+        0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 
+        0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25
+    },
+	{
+        0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 
+        0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92
+    },
+	{
+        0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 
+        0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84
+    },
+	{
+        0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 
+        0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06
+    },
+	{
+        0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 
+        0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b
+    },
+	{
+        0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 
+        0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73
+    },
+	{
+        0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 
+        0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e
+    },
+	{
+        0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 
+        0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b
+    },
+	{
+        0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 
+        0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4
+    },
+	{
+        0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 
+        0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f
+    },
+	{
+        0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 
+        0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef
+    },
+	{
+        0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 
+        0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61
+    },
+	{
+        0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 
+        0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d
+    } 
+};
+/**
+ * 获取整形数据的低8位的左4个位
+ */
+static int getLeft4Bit(int num) 
+{
+	int left = num & 0x000000f0;
+	return left >> 4;
+}
+/**
+ * 获取整形数据的低8位的右4个位
+ */
+static int getRight4Bit(int num) 
+{
+	return num & 0x0000000f;
+}
+/**
+ * 根据索引，从S盒中获得元素
+ */
+static int getNumFromSBox(int index) 
+{
+	int row = getLeft4Bit(index);
+	int col = getRight4Bit(index);
+	return S[row][col];
+}
+/**
+ * 把一个字符转变成整型
+ */
+static int getIntFromChar(char c) 
+{
+	int result = (int) c;
+	return result & 0x000000ff;
+}
+/**
+ * 把16个字符转变成4X4的数组，
+ * 该矩阵中字节的排列顺序为从上到下，
+ * 从左到右依次排列。
+ */
+static void convertToIntArray(char *str, int pa[4][4]) 
+{
+	int k = 0;
+	for(int i = 0; i < 4; i++)
+		for(int j = 0; j < 4; j++) {
+			pa[j][i] = getIntFromChar(str[k]);
+			k++;
+		}
+}
+/**
+ * 把连续的4个字符合并成一个4字节的整型
+ */
+static int getWordFromStr(char *str) 
+{
+	int one = getIntFromChar(str[0]);
+	one = one << 24;
+	int two = getIntFromChar(str[1]);
+	two = two << 16;
+	int three = getIntFromChar(str[2]);
+	three = three << 8;
+	int four = getIntFromChar(str[3]);
+	return one | two | three | four;
+}
+/**
+ * 把一个4字节的数的第一、二、三、四个字节取出，
+ * 入进一个4个元素的整型数组里面。
+ */
+static void splitIntToArray(int num, int array[4]) 
+{
+	int one = num >> 24;
+	array[0] = one & 0x000000ff;
+	int two = num >> 16;
+	array[1] = two & 0x000000ff;
+	int three = num >> 8;
+	array[2] = three & 0x000000ff;
+	array[3] = num & 0x000000ff;
+}
+/**
+ * 将数组中的元素循环左移step位
+ */
+static void leftLoop4int(int array[4], int step) 
+{
+	int temp[4];
+	for(int i = 0; i < 4; i++)
+    {
+		temp[i] = array[i];
+    }
+	int index = step % 4 == 0 ? 0 : step % 4;
+	for(int i = 0; i < 4; i++)
+    {
+		array[i] = temp[index];
+		index++;
+		index = index % 4;
+	}
+}
+/**
+ * 把数组中的第一、二、三和四元素分别作为
+ * 4字节整型的第一、二、三和四字节，合并成一个4字节整型
+ */
+static int mergeArrayToInt(int array[4]) 
+{
+	int one = array[0] << 24;
+	int two = array[1] << 16;
+	int three = array[2] << 8;
+	int four = array[3];
+	return one | two | three | four;
+}
+/**
+ * 常量轮值表
+ */
+static const int Rcon[10] = 
+{ 
+    0x01000000, 0x02000000,
+	0x04000000, 0x08000000,
+	0x10000000, 0x20000000,
+	0x40000000, 0x80000000,
+	0x1b000000, 0x36000000 
+};
+/**
+ * 密钥扩展中的T函数
+ */
+static int T(int num, int round) 
+{
+	int numArray[4];
+	splitIntToArray(num, numArray);
+	leftLoop4int(numArray, 1);//字循环
+	//字节代换
+	for(int i = 0; i < 4; i++)
+    {
+		numArray[i] = getNumFromSBox(numArray[i]);
+    }
+	int result = mergeArrayToInt(numArray);
+	return result ^ Rcon[round];
+}
+//密钥对应的扩展数组
+static int w[44];
+/**
+ * 扩展密钥，结果是把w[44]中的每个元素初始化
+ */
+static void extendKey(char *key) 
+{
+	for(int i = 0; i < 4; i++)
+    {
+		w[i] = getWordFromStr(key + i * 4);
+    }
+	for(int i = 4, j = 0; i < 44; i++) 
+    {
+		if( i % 4 == 0) 
+        {
+			w[i] = w[i - 4] ^ T(w[i - 1], j);
+			j++;//下一轮
+		}
+        else 
+        {
+			w[i] = w[i - 4] ^ w[i - 1];
+		}
+	}
+}
+/**
+ * 轮密钥加
+ */
+static void addRoundKey(int array[4][4], int round) 
+{
+	int warray[4];
+	for(int i = 0; i < 4; i++) 
+    {
+		splitIntToArray(w[ round * 4 + i], warray);
+		for(int j = 0; j < 4; j++) 
+        {
+			array[j][i] = array[j][i] ^ warray[j];
+		}
+	}
+}
+/**
+ * 字节代换
+ */
+static void subBytes(int array[4][4])
+{
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			array[i][j] = getNumFromSBox(array[i][j]);
+        }
+    }
+}
+/**
+ * 行移位
+ */
+static void shiftRows(int array[4][4]) 
+{
+	int rowTwo[4], rowThree[4], rowFour[4];
+	//复制状态矩阵的第2,3,4行
+	for(int i = 0; i < 4; i++) 
+    {
+		rowTwo[i] = array[1][i];
+		rowThree[i] = array[2][i];
+		rowFour[i] = array[3][i];
+	}
+	//循环左移相应的位数
+	leftLoop4int(rowTwo, 1);
+	leftLoop4int(rowThree, 2);
+	leftLoop4int(rowFour, 3);
+	//把左移后的行复制回状态矩阵中
+	for(int i = 0; i < 4; i++) 
+    {
+		array[1][i] = rowTwo[i];
+		array[2][i] = rowThree[i];
+		array[3][i] = rowFour[i];
+	}
+}
+/**
+ * 列混合要用到的矩阵
+ */
+static const int colM[4][4] = 
+{ 
+    {2, 3, 1, 1},
+	{1, 2, 3, 1},
+	{1, 1, 2, 3},
+	{3, 1, 1, 2} 
+};
+static int GFMul2(int s) 
+{
+	int result = s << 1;
+	int a7 = result & 0x00000100;
+	if(a7 != 0) 
+    {
+		result = result & 0x000000ff;
+		result = result ^ 0x1b;
+	}
+	return result;
+}
+static int GFMul3(int s) 
+{
+	return GFMul2(s) ^ s;
+}
+static int GFMul4(int s) 
+{
+	return GFMul2(GFMul2(s));
+}
+static int GFMul8(int s) 
+{
+	return GFMul2(GFMul4(s));
+}
+static int GFMul9(int s) 
+{
+	return GFMul8(s) ^ s;
+}
+static int GFMul11(int s) 
+{
+	return GFMul9(s) ^ GFMul2(s);
+}
+static int GFMul12(int s) 
+{
+	return GFMul8(s) ^ GFMul4(s);
+}
+static int GFMul13(int s) 
+{
+	return GFMul12(s) ^ s;
+}
+static int GFMul14(int s) 
+{
+	return GFMul12(s) ^ GFMul2(s);
+}
+/**
+ * GF上的二元运算
+ */
+static int GFMul(int n, int s) 
+{
+	int result;
+	if(n == 1)
+    {
+		result = s;
+    }
+	else if(n == 2)
+    {
+		result = GFMul2(s);
+    }
+	else if(n == 3)
+    {
+		result = GFMul3(s);
+    }
+	else if(n == 0x9)
+    {
+		result = GFMul9(s);
+    }
+	else if(n == 0xb)//11
+    {
+		result = GFMul11(s);
+    }
+	else if(n == 0xd)//13
+    {
+		result = GFMul13(s);
+    }
+	else if(n == 0xe)//14
+    {
+		result = GFMul14(s);
+    }
+	return result;
+}
+/**
+ * 列混合
+ */
+static void mixColumns(int array[4][4]) 
+{
+	int tempArray[4][4];
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			tempArray[i][j] = array[i][j];
+        }
+    }
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			array[i][j] = GFMul(colM[i][0],tempArray[0][j]) ^ 
+                                GFMul(colM[i][1],tempArray[1][j]) 
+				                ^ GFMul(colM[i][2],tempArray[2][j]) 
+                                ^ GFMul(colM[i][3], tempArray[3][j]);
+		}
+    }
+}
+/**
+ * 把4X4数组转回字符串
+ */
+static void convertArrayToStr(int array[4][4], char *str) {
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			*str++ = (char)array[j][i];	
+        }
+    }
+}
+/**
+ * 参数 p: 明文的字符串数组。
+ * 参数 plen: 明文的长度。
+ * 参数 key: 密钥的字符串数组。
+ */
+void sm4(char *p, int plen, char *key)
+{
+	extendKey(key);//扩展密钥
+	int pArray[4][4];
+	for(int k = 0; k < plen; k += 16) 
+    {	
+		convertToIntArray(p + k, pArray);
+		addRoundKey(pArray, 0);//一开始的轮密钥加
+		for(int i = 1; i < 10; i++)
+        {//前9轮
+			subBytes(pArray);//字节代换
+			shiftRows(pArray);//行移位
+			mixColumns(pArray);//列混合
+			addRoundKey(pArray, i);
+		}
+		//第10轮
+		subBytes(pArray);//字节代换
+		shiftRows(pArray);//行移位
+		addRoundKey(pArray, 10);
+		convertArrayToStr(pArray, p + k);
+	}
+}
+/**
+ * 根据索引从逆S盒中获取值
+ */
+static int getNumFromS1Box(int index) 
+{
+	int row = getLeft4Bit(index);
+	int col = getRight4Bit(index);
+	return S2[row][col];
+}
+/**
+ * 逆字节变换
+ */
+static void deSubBytes(int array[4][4]) 
+{
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			array[i][j] = getNumFromS1Box(array[i][j]);
+        }
+    }
+}
+/**
+ * 把4个元素的数组循环右移step位
+ */
+static void rightLoop4int(int array[4], int step) 
+{
+	int temp[4];
+	for(int i = 0; i < 4; i++)
+    {
+		temp[i] = array[i];
+    }
+	int index = step % 4 == 0 ? 0 : step % 4;
+	index = 3 - index;
+	for(int i = 3; i >= 0; i--) 
+    {
+		array[i] = temp[index];
+		index--;
+		index = index == -1 ? 3 : index;
+	}
+}
+/**
+ * 逆行移位
+ */
+static void deShiftRows(int array[4][4]) 
+{
+	int rowTwo[4], rowThree[4], rowFour[4];
+	for(int i = 0; i < 4; i++) 
+    {
+		rowTwo[i] = array[1][i];
+		rowThree[i] = array[2][i];
+		rowFour[i] = array[3][i];
+	}
+	rightLoop4int(rowTwo, 1);
+	rightLoop4int(rowThree, 2);
+	rightLoop4int(rowFour, 3);
+	for(int i = 0; i < 4; i++) 
+    {
+		array[1][i] = rowTwo[i];
+		array[2][i] = rowThree[i];
+		array[3][i] = rowFour[i];
+	}
+}
+/**
+ * 逆列混合用到的矩阵
+ */
+static const int deColM[4][4] = 
+{ 
+    {0xe, 0xb, 0xd, 0x9},
+	{0x9, 0xe, 0xb, 0xd},
+	{0xd, 0x9, 0xe, 0xb},
+	{0xb, 0xd, 0x9, 0xe} 
+};
+/**
+ * 逆列混合
+ */
+static void deMixColumns(int array[4][4]) 
+{
+	int tempArray[4][4];
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			tempArray[i][j] = array[i][j];
+        }
+    }
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			array[i][j] = GFMul(deColM[i][0],tempArray[0][j]) ^ 
+                                GFMul(deColM[i][1],tempArray[1][j]) ^ 
+                                GFMul(deColM[i][2],tempArray[2][j]) ^ 
+                                GFMul(deColM[i][3], tempArray[3][j]);
+		}
+    }
+}
+/**
+ * 把两个4X4数组进行异或
+ */
+static void addRoundTowArray(int aArray[4][4],int bArray[4][4]) 
+{
+	for(int i = 0; i < 4; i++)
+    {
+		for(int j = 0; j < 4; j++)
+        {
+			aArray[i][j] = aArray[i][j] ^ bArray[i][j];
+        }
+    }
+}
+/**
+ * 从4个32位的密钥字中获得4X4数组，
+ * 用于进行逆列混合
+ */
+static void getArrayFrom4W(int i, int array[4][4]) 
+{
+	int index = i * 4;
+	int colOne[4], colTwo[4], colThree[4], colFour[4];
+	splitIntToArray(w[index], colOne);
+	splitIntToArray(w[index + 1], colTwo);
+	splitIntToArray(w[index + 2], colThree);
+	splitIntToArray(w[index + 3], colFour);
+	for(int i = 0; i < 4; i++) 
+    {
+		array[i][0] = colOne[i];
+		array[i][1] = colTwo[i];
+		array[i][2] = colThree[i];
+		array[i][3] = colFour[i];
+	}
+}
+/**
+ * 参数 c: 密文的字符串数组。
+ * 参数 clen: 密文的长度。
+ * 参数 key: 密钥的字符串数组。
+ */
+void desm4(char *c, int clen, char *key) 
+{
+	extendKey(key);//扩展密钥
+	int cArray[4][4];
+	for(int k = 0; k < clen; k += 16) 
+    {
+		convertToIntArray(c + k, cArray);
+		addRoundKey(cArray, 10);
+		int wArray[4][4];
+		for(int i = 9; i >= 1; i--) 
+        {
+			deSubBytes(cArray);
+			deShiftRows(cArray);
+			deMixColumns(cArray);
+			getArrayFrom4W(i, wArray);
+			deMixColumns(wArray);
+			addRoundTowArray(cArray, wArray);
+		}
+		deSubBytes(cArray);
+		deShiftRows(cArray);
+		addRoundKey(cArray, 0);
+		convertArrayToStr(cArray, c + k);
+	}
+}
+
+#define MAXLEN 1024
+
+void printASCII(char *str, int len) {//字符串转16进制
+	for(int i = 0; i < len; i++) {
+		acipt[i] = (int)*str++;
+		acipt[i] = acipt[i] & 0x000000ff;
+	}
+}
+
+void hex32_str(char *data,char *input)//将16进制串转字符串
+{
+	int i=0,sum;
+	char t;
+	for(i=0;i<32;i=i+2)
+	{
+		sum=0;
+		t=data[i];
+		if(t<='9')
+		{
+			sum=((int)t-48)*16;
+		}
+		else
+		{
+			switch(t)
+			{
+			case 'a':sum=10*16;break;
+			case 'b':sum=11*16;break;
+			case 'c':sum=12*16;break;
+			case 'd':sum=13*16;break;
+			case 'e':sum=14*16;break;
+			case 'f':sum=15*16;break;
+			}
+		}
+		t=data[i+1];
+		if(t<='9')
+		{
+			sum=sum+((int)t-48);
+		}
+		else
+		{
+			switch(t)
+			{
+			case 'a':sum=sum+10;break;
+			case 'b':sum=sum+11;break;
+			case 'c':sum=sum+12;break;
+			case 'd':sum=sum+13;break;
+			case 'e':sum=sum+14;break;
+			case 'f':sum=sum+15;break;
+			}
+		}
+		input[i/2]=(char)sum;
+	}
+}
+
+void hex16_str(char *data,char *output,int len)//将16进制转字符串
+{
+	for(int i = 0; i < len; i++) {
+		output[i] = (char)data[i];//data中每个元素为字符对应的十进制数
+	}	
+}
+
+
+/**
+ * 使用PKCS#7 填充字符串
+ p：要填充的明文字符串
+ len：明文字符串长度
+ */
+int PKCS7Padding(char *p, int len)
+{
+	//ascii码转16进制，temp中每个元素为字符对应的十进制数,方便填充
+	for(int i = 0; i < len; i++) {
+		temp[i] = (int)*p++;
+		temp[i] = temp[i] & 0x000000ff;//temp中为字符转数字，即a=97
+	}
+	
+	int i;
+    int block = len/16;//数据分组的组数
+    int start = len;//开始补码的地址
+    int end=(block+1)*16;//补码后总长度
+    int t=16-len%16;//要补的位数,也即要补的字符
+    if(t<10)
+    {
+    	for(i = start; i < end; i++)
+        {
+            temp[i] = t;
+        };
+    }
+    else if(t<=15)
+    {
+    	for(i = start; i < end; i++)
+        {
+            temp[i] = t;
+        }
+    }
+    else if(t==16)//error
+    {
+    	for(i = start; i < end; i++)
+        {
+            temp[i] = 16;
+        }
+    }
+    
+    hex16_str(temp,uinfo,end);//将temp中的每个元素对应的十进制数转为字符，方便后续对字符串加密
+    nnn=end;
+    return end;
+}
+
+/**
+ * 删除PKCS#7 填充字符串
+ c：要删除填充的解密后的字符串
+ len：解密后字符串长度
+ padlen:删除填充后字符串长度
+ */
+int dePKCS7Padding(char *c, int len)
+{
+//送进来的为字符串，每个元素为字符，需要先获取最后一个字符，将字符转int，如0a=10，再从len-10开始置0到最后，返回重置后的字符串
+    int padlen=(int)c[len-1];
+    nnn=len-padlen;
+    for(int i=len-padlen;i<len;i++)
+    {
+    	c[i]='0';
+    }
+    return len-padlen;
+}
+
+
+
+void sm4crypt(int len)//sm4加密
+{
+	int t=strlen((char *)cipt);
+    for(int i=0;i<t;i++)
+    {
+    	key[i]=cipt[i];
+    }
+    
+    len=PKCS7Padding(uinfo,len);//将真实加密支付串值代入，防止二次加密产生错误
+	sm4(uinfo,len,key);
+	printASCII(uinfo, len);
+}
+
+
+void desm4crypt()
+{
+	int t=strlen((char *)cipt);
+    for(int i=0;i<t;i++)
+    {
+    	key[i]=cipt[i];
+    }
+    hex32_str(ucipher,c);
+    int clen=strlen(c);
+    desm4(c, clen, key);
+    nnn=clen;
+    int delen=dePKCS7Padding(c, clen);
+    printASCII(c, delen);
+    
+}
+
+int get_int()
+{
+	return nnn;
+}
+
+int get_string(unsigned char *buf)
+{
+	if(num==0)
+	{
+    	int t=strlen((char *)cipt);
+    	for(int i=0;i<t;i++)
+    	{
+    		buf[i]=cipt[i];
+    	}
+    	num++;
+    	return 0;
+	}
+	else
+	{
+		int tt=strlen((char *)acipt);
+    	for(int i=0;i<tt;i++)
+    	{
+    		buf[i]=acipt[i];
+    	}
+    	return 0;
+	}
+}
diff --git a/docker4secgear/encrypt/enclave/enclave/manifest.txt.in b/docker4secgear/encrypt/enclave/enclave/manifest.txt.in
new file mode 100644
index 00000000..7b8ecf59
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/manifest.txt.in
@@ -0,0 +1,8 @@
+gpd.ta.appID:	@UUID@
+gpd.ta.service_name:	test0108
+gpd.ta.singleInstance:	true
+gpd.ta.multiSession:	false
+gpd.ta.multiCommand:	false
+gpd.ta.instanceKeepAlive:	false
+gpd.ta.dataSize:	16384
+gpd.ta.stackSize:	20480
diff --git a/docker4secgear/encrypt/enclave/enclave/rsa_public_key_cloud.pem b/docker4secgear/encrypt/enclave/enclave/rsa_public_key_cloud.pem
new file mode 100644
index 00000000..a321f63e
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/rsa_public_key_cloud.pem
@@ -0,0 +1,11 @@
+-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAPwbnbgBg7JgXERA9Bx
+p7GLI1S3e1zL83RMd2+GXb6kO4yMKUL3NUCE2HhA2BtQYmLyGovx59UUcKnU58is
+Xux++kH+A2shmOPjYvEFuX0Kt8tc19b8M9b/iHsY8ZmKykqia2a5U+IrECRFJo5p
+DWUnl7jrHVtq78BSR1c7iXG1frrEC0AYCuqKJo/fxfmOKL0Y9mENCB3nAwjn9unD
+BsO/OhkqvvB3nkeuMfNKPh4wCqtQPve13eTojbuxjX/3ePijplTI5X2Gr+n6Ximn
+fYRlytQmMgMl/db0ARSKNApq9bmwzVNrnGWWZWJksdRvf6iL7t17Gs4L9AApOuC9
+WkzxPvwp5ZUqjsGd4oJGWeC6ZE6BTw2vxE+xMFI9uAKHxq9pBKkcGMa0g4fANNNV
++W+8JZGanxEXKB3y/M7BCyQAPCWOHC/RNjmRA1gczLYCPzC4pWu935UZdF1RR6zY
+CD3t+FoOGGET/g4CwWgyhb5qkp65Hs6ayYt/DUAqo+yBAgMBAAE=
+-----END PUBLIC KEY-----
diff --git a/docker4secgear/encrypt/enclave/enclave/sm3.h b/docker4secgear/encrypt/enclave/enclave/sm3.h
new file mode 100644
index 00000000..3f5b02b1
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/sm3.h
@@ -0,0 +1,190 @@
+#ifndef SECGEAR_SM3_H
+#define SECGEAR_SM3_H
+
+#include <string.h>
+#include "common_utils.h"
+
+#define SM3_DIGEST_LENGTH 32
+#define SM3_WORD uint32
+
+#define SM3_CBLOCK 64
+#define SM3_LBLOCK (SM3_CBLOCK/4)
+
+typedef struct SM3state_st {
+    SM3_WORD A, B, C, D, E, F, G, H;
+    SM3_WORD Nl, Nh;
+    SM3_WORD data[SM3_LBLOCK];
+    unsigned int num;
+} SM3_CTX;
+
+#define ROTATE(a, n) (((a) << (n)) | (((a) & 0xFFFFFFFF) >> (32 - (n))))
+
+# define HOST_c2l(c,l)  (l =(((unsigned long)(*((c)++)))<<24),          \
+                         l|=(((unsigned long)(*((c)++)))<<16),          \
+                         l|=(((unsigned long)(*((c)++)))<< 8),          \
+                         l|=(((unsigned long)(*((c)++)))    )           )
+# define HOST_l2c(l,c)  (*((c)++)=(unsigned char)(((l)>>24)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>>16)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)>> 8)&0xff),      \
+                         *((c)++)=(unsigned char)(((l)    )&0xff),      \
+                         l)
+
+#define P0(X) (X ^ ROTATE(X, 9) ^ ROTATE(X, 17))
+#define P1(X) (X ^ ROTATE(X, 15) ^ ROTATE(X, 23))
+
+#define FF(J,X,Y,Z) (J<16 ? (X ^ Y ^ Z) : ((X & Y) | (X & Z) | (Y & Z)))
+#define GG(J,X,Y,Z) (J<16 ? (X ^ Y ^ Z) : ((X & Y) | ((~X) & Z)))
+
+#define T(J) (J<16 ? 0x79cc4519 : 0x7a879d8a)
+
+#define EXPAND(W0,W7,W13,W3,W10) \
+    (P1(W0 ^ W7 ^ ROTATE(W13, 15)) ^ ROTATE(W3, 7) ^ W10)
+
+#define SM3_A 0x7380166fUL
+#define SM3_B 0x4914b2b9UL
+#define SM3_C 0x172442d7UL
+#define SM3_D 0xda8a0600UL
+#define SM3_E 0xa96f30bcUL
+#define SM3_F 0x163138aaUL
+#define SM3_G 0xe38dee4dUL
+#define SM3_H 0xb0fb0e4eUL
+
+#define SM3_MAKE_STRING(c, s)               \
+    do {                                    \
+        unsigned long ll;                   \
+        ll=(c)->A; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->B; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->C; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->D; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->E; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->F; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->G; (void)HOST_l2c(ll, (s)); \
+        ll=(c)->H; (void)HOST_l2c(ll, (s)); \
+    } while (0)
+
+void sm3_block_data_order(SM3_CTX *ctx, const void *p, size_t num) {
+    const unsigned char *data = p;
+    SM3_WORD A, B, C, D, E, F, G, H;
+    SM3_WORD w[68]={}, ww[64]={};
+    while (num--) {
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
+        F = ctx->F;
+        G = ctx->G;
+        H = ctx->H;
+        for (int j = 0; j < 16; ++j) {
+            HOST_c2l(data, w[j]);
+        }
+        for (int j = 16; j < 68; ++j) {
+            w[j] = EXPAND(w[j-16], w[j-9], w[j-3], w[j-13], w[j-6]);
+        }
+        for (int j = 0; j < 64; ++j) {
+            ww[j] = w[j] ^ w[j+4];
+        }
+        for (int j = 0; j < 64; j++) {
+            SM3_WORD SS1, SS2, TT1, TT2;
+            SS1 = ROTATE(ROTATE(A, 12) + E + ROTATE(T(j), j&31), 7);
+            SS2 = SS1 ^ ROTATE(A, 12);
+            TT1 = FF(j, A, B, C) + D + SS2 + ww[j];
+            TT2 = GG(j, E, F, G) + H + SS1 + w[j];
+            D = C;
+            C = ROTATE(B,9);
+            B = A;
+            A = TT1;
+            H = G;
+            G = ROTATE(F, 19);
+            F = E;
+            E = P0(TT2);
+        }
+        ctx->A ^= A;
+        ctx->B ^= B;
+        ctx->C ^= C;
+        ctx->D ^= D;
+        ctx->E ^= E;
+        ctx->F ^= F;
+        ctx->G ^= G;
+        ctx->H ^= H;
+    }
+}
+
+int sm3_init(SM3_CTX *c) {
+    memset(c, 0, sizeof(*c));
+    c->A = SM3_A;
+    c->B = SM3_B;
+    c->C = SM3_C;
+    c->D = SM3_D;
+    c->E = SM3_E;
+    c->F = SM3_F;
+    c->G = SM3_G;
+    c->H = SM3_H;
+    return 1;
+}
+
+int sm3_update(SM3_CTX *c, const void *data_, size_t len) {
+    const unsigned char *data = data_;
+    unsigned char *p;
+    SM3_WORD l;
+    size_t n;
+    if (len == 0) return 1;
+    l = (c->Nl + (((SM3_WORD) len) << 3)) & 0xffffffffUL;
+    if (l < c->Nl) c->Nh++;
+    c->Nh += (SM3_WORD) (len >> 29); 
+    c->Nl = l;
+    n = c->num;
+    if (n != 0) {
+        p = (unsigned char *)c->data;
+        if (len >= SM3_CBLOCK || len + n >= SM3_CBLOCK) {
+            memcpy(p + n, data, SM3_CBLOCK - n);
+            sm3_block_data_order(c, p, 1);
+            n = SM3_CBLOCK - n;
+            data += n;
+            len -= n;
+            c->num = 0;
+            memset(p, 0, SM3_CBLOCK);
+        } 
+        else {
+            memcpy(p + n, data, len);
+            c->num += (unsigned int)len;
+            return 1;
+        }
+    }
+    n = len / SM3_CBLOCK;
+    if (n > 0) {
+        sm3_block_data_order(c, data, n);
+        n *= SM3_CBLOCK;
+        data += n;
+        len -= n;
+    }
+    if (len != 0) {
+        p = (unsigned char *)c->data;
+        c->num = (unsigned int)len;
+        memcpy(p, data, len);
+    }
+    return 1;
+}
+
+int sm3_final(unsigned char *md, SM3_CTX *c) {
+    unsigned char *p = (unsigned char *)c->data;
+    size_t n = c->num;
+    p[n] = 0x80;
+    n++;
+    if (n > (SM3_CBLOCK - 8)) {
+        memset(p + n, 0, SM3_CBLOCK - n);
+        n = 0;
+        sm3_block_data_order(c, p, 1);
+    }
+    memset(p + n, 0, SM3_CBLOCK - 8 - n);
+    p += SM3_CBLOCK - 8;
+    (void)HOST_l2c(c->Nh, p);
+    (void)HOST_l2c(c->Nl, p);
+    p -= SM3_CBLOCK;
+    sm3_block_data_order(c, p, 1);
+    c->num = 0;
+    SM3_MAKE_STRING(c, md);
+    return 1;
+}
+
+#endif
\ No newline at end of file
diff --git a/docker4secgear/encrypt/enclave/enclave/sm4.h b/docker4secgear/encrypt/enclave/enclave/sm4.h
new file mode 100644
index 00000000..39ec1e27
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/enclave/sm4.h
@@ -0,0 +1,102 @@
+#ifndef SECGEAR_SM4_H
+#define SECGEAR_SM4_H
+
+#include <string.h>
+#include "common_utils.h"
+
+#define ENCRYPT 0
+#define DECRYPT 1
+const uint8 Sbox[256] = {
+    0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, 0x28, 0xFB, 0x2C, 0x05, 
+    0x2B, 0x67, 0x9A, 0x76, 0x2A, 0xBE, 0x04, 0xC3, 0xAA, 0x44, 0x13, 0x26, 0x49, 0x86, 0x06, 0x99, 
+    0x9C, 0x42, 0x50, 0xF4, 0x91, 0xEF, 0x98, 0x7A, 0x33, 0x54, 0x0B, 0x43, 0xED, 0xCF, 0xAC, 0x62, 
+    0xE4, 0xB3, 0x1C, 0xA9, 0xC9, 0x08, 0xE8, 0x95, 0x80, 0xDF, 0x94, 0xFA, 0x75, 0x8F, 0x3F, 0xA6, 
+    0x47, 0x07, 0xA7, 0xFC, 0xF3, 0x73, 0x17, 0xBA, 0x83, 0x59, 0x3C, 0x19, 0xE6, 0x85, 0x4F, 0xA8, 
+    0x68, 0x6B, 0x81, 0xB2, 0x71, 0x64, 0xDA, 0x8B, 0xF8, 0xEB, 0x0F, 0x4B, 0x70, 0x56, 0x9D, 0x35, 
+    0x1E, 0x24, 0x0E, 0x5E, 0x63, 0x58, 0xD1, 0xA2, 0x25, 0x22, 0x7C, 0x3B, 0x01, 0x21, 0x78, 0x87, 
+    0xD4, 0x00, 0x46, 0x57, 0x9F, 0xD3, 0x27, 0x52, 0x4C, 0x36, 0x02, 0xE7, 0xA0, 0xC4, 0xC8, 0x9E, 
+    0xEA, 0xBF, 0x8A, 0xD2, 0x40, 0xC7, 0x38, 0xB5, 0xA3, 0xF7, 0xF2, 0xCE, 0xF9, 0x61, 0x15, 0xA1, 
+    0xE0, 0xAE, 0x5D, 0xA4, 0x9B, 0x34, 0x1A, 0x55, 0xAD, 0x93, 0x32, 0x30, 0xF5, 0x8C, 0xB1, 0xE3, 
+    0x1D, 0xF6, 0xE2, 0x2E, 0x82, 0x66, 0xCA, 0x60, 0xC0, 0x29, 0x23, 0xAB, 0x0D, 0x53, 0x4E, 0x6F, 
+    0xD5, 0xDB, 0x37, 0x45, 0xDE, 0xFD, 0x8E, 0x2F, 0x03, 0xFF, 0x6A, 0x72, 0x6D, 0x6C, 0x5B, 0x51, 
+    0x8D, 0x1B, 0xAF, 0x92, 0xBB, 0xDD, 0xBC, 0x7F, 0x11, 0xD9, 0x5C, 0x41, 0x1F, 0x10, 0x5A, 0xD8, 
+    0x0A, 0xC1, 0x31, 0x88, 0xA5, 0xCD, 0x7B, 0xBD, 0x2D, 0x74, 0xD0, 0x12, 0xB8, 0xE5, 0xB4, 0xB0, 
+    0x89, 0x69, 0x97, 0x4A, 0x0C, 0x96, 0x77, 0x7E, 0x65, 0xB9, 0xF1, 0x09, 0xC5, 0x6E, 0xC6, 0x84, 
+    0x18, 0xF0, 0x7D, 0xEC, 0x3A, 0xDC, 0x4D, 0x20, 0x79, 0xEE, 0x5F, 0x3E, 0xD7, 0xCB, 0x39, 0x48, 
+};
+const uint32 FK[4] = {
+    0xA3B1BAC6, 0x56AA3350, 0x677D9197, 0xB27022DC, 
+};
+const uint32 CK[32] = {
+    0x00070E15, 0x1C232A31, 0x383F464D, 0x545B6269, 
+    0x70777E85, 0x8C939AA1, 0xA8AFB6BD, 0xC4CBD2D9, 
+    0xE0E7EEF5, 0xFC030A11, 0x181F262D, 0x343B4249, 
+    0x50575E65, 0x6C737A81, 0x888F969D, 0xA4ABB2B9, 
+    0xC0C7CED5, 0xDCE3EAF1, 0xF8FF060D, 0x141B2229, 
+    0x30373E45, 0x4C535A61, 0x686F767D, 0x848B9299, 
+    0xA0A7AEB5, 0xBCC3CAD1, 0xD8DFE6ED, 0xF4FB0209, 
+    0x10171E25, 0x2C333A41, 0x484F565D, 0x646B7279, 
+};
+#define L(B) ((B) ^ (ROTATE((B), 2)) ^ (ROTATE((B), 10)) ^ (ROTATE((B), 18)) ^ (ROTATE((B), 24)))
+#define LP(B) ((B) ^ (ROTATE((B), 13)) ^ (ROTATE((B), 23)))
+#define S(X) (((uint32)Sbox[((X) >> 24) & 0xFF] << 24) | \
+              ((uint32)Sbox[((X) >> 16) & 0xFF] << 16) | \
+              ((uint32)Sbox[((X) >> 8) & 0xFF] << 8) |   \
+              ((uint32)Sbox[(X) & 0xFF]))
+#define T(X) L(S(X))
+#define TP(X) LP(S(X))
+#define F(X0, X1, X2, X3, rk) ((X0) ^ T((X1) ^ (X2) ^ (X3) ^ (rk))) 
+
+typedef struct sm4_ctx_st {
+    uint32 M[4];
+    uint32 rk[32];
+} SM4_CTX;
+
+int sm4_init(SM4_CTX *ctx, const uint32 *M, const uint32 *MK) {
+    memset(ctx, 0, sizeof(*ctx));
+    uint32 K[36];
+    memset(K, 0, sizeof(K));
+    int i;
+    for (i = 0; i < 4; ++i) {
+        K[i] = MK[i] ^ FK[i];
+        ctx->M[i] = M[i];
+    }
+    for (i = 0; i < 32; ++i) {
+        ctx->rk[i] = K[i+4] = K[i] ^ TP(K[i+1] ^ K[i+2] ^ K[i+3] ^ CK[i]);
+    }
+    return 1;
+}
+
+int sm4_round(SM4_CTX *ctx, int crypt_flag) {
+    int offset = (crypt_flag ? 31 : 0), i;
+    uint32 X[36];
+    memset(X, 0, sizeof(X));
+    for (i = 0; i < 4; ++i) {
+        X[i] = ctx->M[i];
+    }
+    for (i = 0; i < 32; ++i) {
+        X[i+4] = F(X[i], X[i+1], X[i+2], X[i+3], ctx->rk[i^offset]);
+    }
+    ctx->M[0] = X[35];
+    ctx->M[1] = X[34];
+    ctx->M[2] = X[33];
+    ctx->M[3] = X[32];
+    return 1;
+}
+
+int sm4_encrypt(SM4_CTX *ctx) {
+    return sm4_round(ctx, ENCRYPT);
+}
+
+int sm4_decrypt(SM4_CTX *ctx) {
+    return sm4_round(ctx, DECRYPT);
+}
+
+int sm4_final(uint32 *out, SM4_CTX *ctx) {
+    if (!memcpy(out, ctx->M, sizeof(ctx->M))) {
+        return 0;
+    }
+    return 1;
+}
+
+#endif
\ No newline at end of file
-- 
Gitee


From 41b1bed492fdef840c51fad6bfca3aca341ee89d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:34:30 +0000
Subject: [PATCH 30/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/encrypt/enclave/enclave/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/enclave/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/encrypt/enclave/enclave/.keep

diff --git a/docker4secgear/encrypt/enclave/enclave/.keep b/docker4secgear/encrypt/enclave/enclave/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From f2674b6be4d66d6e7dc3a2fb76898607285698ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:37:40 +0000
Subject: [PATCH 31/44] host
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 .../encrypt/enclave/host/CMakeLists.txt       |  85 +++++++
 docker4secgear/encrypt/enclave/host/db.sh     |  29 +++
 docker4secgear/encrypt/enclave/host/dbend.sh  |  23 ++
 docker4secgear/encrypt/enclave/host/main.c    | 230 ++++++++++++++++++
 4 files changed, 367 insertions(+)
 create mode 100644 docker4secgear/encrypt/enclave/host/CMakeLists.txt
 create mode 100644 docker4secgear/encrypt/enclave/host/db.sh
 create mode 100644 docker4secgear/encrypt/enclave/host/dbend.sh
 create mode 100644 docker4secgear/encrypt/enclave/host/main.c

diff --git a/docker4secgear/encrypt/enclave/host/CMakeLists.txt b/docker4secgear/encrypt/enclave/host/CMakeLists.txt
new file mode 100644
index 00000000..2ba74ff8
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/host/CMakeLists.txt
@@ -0,0 +1,85 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX enclave)
+#set host exec name
+set(OUTPUT secgear_enclave)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.c)
+
+#set auto code
+if(CC_GP)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+    
+if(CC_SGX)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx  --search-path ${SGXSDK}/include)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+
+if(CC_GP)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE  
+                    ${LOCAL_ROOT_PATH}/inc/host_inc
+                    ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+                    ${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SGX)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+			${LOCAL_ROOT_PATH}/inc/host_inc 
+			${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+			${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SIM)
+    target_link_libraries(${OUTPUT} secgearsim)
+else()
+    target_link_libraries(${OUTPUT} secgear)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+	#itrustee install whitelist /vender/bin/teec_hello 
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION /vendor/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
+endif()
+
+if(CC_SGX)
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
+endif()
+	
diff --git a/docker4secgear/encrypt/enclave/host/db.sh b/docker4secgear/encrypt/enclave/host/db.sh
new file mode 100644
index 00000000..30f650ae
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/host/db.sh
@@ -0,0 +1,29 @@
+#! /bin/bash
+#test
+echo "read start"
+echo ""
+
+docker -v
+echo "docker start"
+echo "========================================================"
+systemctl start docker
+docker ps -a
+echo "container start"
+echo "========================================================"
+docker start opengauss
+docker ps -a
+docker exec -it opengauss sh
+echo "container stop"
+echo "========================================================"
+docker stop opengauss
+docker ps -a
+
+
+echo "grinfo copy to host and wait to settle"
+sudo cp /var/lib/docker/volumes/dbvol/_data/omm/grinfo  /opt/secGear/debug/examples/helloworld/host
+sudo chmod 777 /opt/secGear/debug/examples/helloworld/host/grinfo
+
+
+echo ""
+echo "read stop"
+
diff --git a/docker4secgear/encrypt/enclave/host/dbend.sh b/docker4secgear/encrypt/enclave/host/dbend.sh
new file mode 100644
index 00000000..8c11f0ac
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/host/dbend.sh
@@ -0,0 +1,23 @@
+#! /bin/bash
+#test
+echo "write start"
+echo ""
+
+echo "grinfo copy to docker and wait to wirte"
+sudo docker cp grinfo opengauss:/home/omm
+echo "container start"
+echo "========================================================"
+docker start opengauss
+docker ps -a
+docker exec -it opengauss sh
+
+echo "container stop"
+echo "========================================================"
+docker stop opengauss
+docker ps -a
+echo "docker stop"
+echo "========================================================"
+systemctl stop docker
+
+echo ""
+echo "write stop"
diff --git a/docker4secgear/encrypt/enclave/host/main.c b/docker4secgear/encrypt/enclave/host/main.c
new file mode 100644
index 00000000..47c142b3
--- /dev/null
+++ b/docker4secgear/encrypt/enclave/host/main.c
@@ -0,0 +1,230 @@
+/*
+ * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+ * secGear is licensed under the Mulan PSL v2.
+ * You can use this software according to the terms and conditions of the Mulan PSL v2.
+ * You may obtain a copy of Mulan PSL v2 at:
+ *     http://license.coscl.org.cn/MulanPSL2
+ * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+ * PURPOSE.
+ * See the Mulan PSL v2 for more details.
+ */
+
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include "enclave.h"
+#include "enclave_u.h"
+#define MAXLEN 64
+#define idoffset 41
+#define phoneoffset  74
+
+
+
+/**
+* 从文件中读取字符串，加密字符串小于32B，解密字符串（16进制）小于64B
+*/
+int readStrFromFile(char *filename, char *str,int offset) {
+	FILE *fp = fopen(filename, "r");
+	if(fp == NULL) {
+		printf("打开文件出错，请确认文件存在当前目录下！\n");
+		exit(0);
+	}
+	
+	int val=1;
+	char sym[4]={'C','O','P','Y'};
+	char temp[150];
+	memset(temp,'0',sizeof(temp));
+	while(1)
+	{
+		fgets(temp,150,fp);
+		val=strncmp(sym,temp,4);
+		if(val==0)
+		  break;
+	}
+	memset(temp,'0',sizeof(temp));
+	fgets(temp,150,fp);
+	char t[32];
+	for(int i=offset;i<(offset+32);i++)//id:41~73,phone:74~106
+	{
+		if(temp[i]==' ')  break;
+		t[i-offset]=temp[i];
+	}
+	
+	strncpy(str,t,strlen(t));
+	fclose(fp);
+	return 0;
+}
+
+/**
+ * 把字符串写进文件
+ */
+void writeStrToFile(unsigned char *str, char *filename,int offset) {
+	FILE *fp;
+	fp = fopen(filename, "r+");
+	char temp[100];
+	for(int i=0;i<1;)
+	{
+		while(fgetc(fp)!='\n')
+		i++;
+	}
+	fprintf(fp,"\ndrop table grinfo;      \n");//写回数据时对原有数据表清除，防止表内数据不唯一出现差错
+	
+	int val=1;
+	char sym[4]={'C','O','P','Y'};
+	memset(temp,'0',sizeof(temp));
+	while(1)
+	{
+		fgets(temp,100,fp);
+		val=strncmp(sym,temp,4);
+		if(val==0)
+		  break;
+	}
+	int size=ftell (fp);//返回文件指针相对于起始位置的偏移量
+	memset(temp,'0',sizeof(temp));
+	fgets(temp,100,fp);
+	size=size+offset;//id:offset 40,phone:offset 73
+	fseek(fp,size,SEEK_SET);//根据文件指针的位置和偏移量来定位文件指针
+	
+	
+	for(int i = 0; i < 16; i++)
+	{
+		fprintf(fp,"%02x",str[i]);
+	}
+	fclose(fp);
+}
+
+
+int main()
+{
+    int  retval = 0;
+    char *path = PATH;
+    unsigned char buf[80];
+    int rvalue;
+    char name[20];
+    char psw[56];
+    char fname[17];//文件名
+    char info[31];//文件中要加密信息
+    char cipher[64];//文件中要解密信息
+    int tag;
+    cc_enclave_t *context = NULL;
+    cc_enclave_result_t res;
+    cc_enclave_result_t rres;
+
+    printf("Create secgear enclave\n");
+
+    
+	res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
+    if (res != CC_SUCCESS) {
+        printf("Create enclave error\n");
+        return res;
+    }
+    
+	//清空原内存中数据
+	/*memset(fname,'0',sizeof(fname));
+	memset(info,'0',sizeof(info));
+	memset(cipher,'0',sizeof(cipher));*/
+	
+
+	//SM3生成存储密钥
+	printf("请输入用户名:\n");//获得用户名
+	gets(name);
+    transname(context,name);
+    printf("请输入密码 :\n");//获得用户密码
+	gets(psw);
+    transpsw(context,psw);
+    sm3(context);
+    printf("加密成功！密文如下：\n");
+    res = get_string(context, &retval, buf);
+    if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+        printf("Ecall enclave error\n");
+    } 
+    else {
+		for(int i=0;i<16;i++)
+		{
+			printf("%02x",buf[i]);
+		}
+		printf("\n");
+    }
+    
+    system("./db.sh");//通过脚本登陆数据库获取个人信息进行复制提取工作
+    
+
+    //SM4对文件加解密
+    printf("选择加密输入1，选择解密输入2：");
+    scanf("%d",&tag);
+    char gg=getchar();//取走缓存区的回车符
+    int offset,len;
+    if(tag==1){
+    	printf("请输入要加密的文件名：（该文件必须和本程序在同一目录）\n");//传输要加密的用户信息
+    	gets(fname);
+    	printf("\n");
+    	for(int i=0;i<2;i++)
+    	{
+    		if(i==0)
+    			offset=idoffset;
+    		else
+    			offset=phoneoffset;
+    		readStrFromFile(fname,info,offset);//取出要加密字符串
+    		printf("将要加密的信息：\n");
+    		puts(info);
+    		len=strlen(info);//识别要机密字符串长度
+    		transinfo(context,info);//传送到安全区进行加密
+    		sm4crypt(context,len);
+    		printf("加密成功！密文如下：\n");
+    		res = get_string(context, &retval, buf);    
+    		if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+        		printf("Ecall enclave error\n");
+    		} else {
+				for(int i=0;i<strlen(buf);i++)
+				{
+					printf("%02x",buf[i]);//输出将无符号字符串以16进制形式输出
+				}
+				printf("\n");
+    		}
+    		printf("密文将写回原文件中！\n");
+    		writeStrToFile(buf,fname,offset);
+    		printf("第%d加密写回完成！\n\n",i+1);
+    	}
+    }
+    else if(tag==2){
+    	printf("请输入要解密的文件名：（该文件必须和本程序在同一目录）\n");
+    	gets(fname);
+    	printf("\n");
+    	for(int i=0;i<2;i++)
+    	{
+    		if(i==0)
+    			offset=idoffset;
+    		else
+    			offset=phoneoffset;
+    		readStrFromFile(fname,cipher,offset);//取出要解密的字符串
+    		transcipher(context,cipher);//传送到安全区解密
+    		desm4crypt(context);
+    		printf("第%d解密成功！明文如下：\n",i+1);
+    		res = get_string(context, &retval, buf);
+    		if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
+        		printf("Ecall enclave error\n");
+    		} else {
+    		for(int i=0;i<strlen(buf);i++)
+			{
+				printf("%c",buf[i]);//输出将无符号字符串以16进制形式输出
+			}
+			rres=get_int(context,&rvalue);
+			printf("\n明文长度为：%d",rvalue);
+			printf("\n\n");
+    		}
+    	}
+    }
+    
+    //操作结束，将修改文件写回数据库
+    system("./dbend.sh");
+    
+    if (context != NULL) {
+        res = cc_enclave_destroy(context);
+        if(res != CC_SUCCESS) {
+            printf("Destroy enclave error\n");
+        }
+    }
+    return res;
+}
-- 
Gitee


From d1c62e8c303c9ae757b29c7b59fd92bf77474230 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:37:46 +0000
Subject: [PATCH 32/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/encrypt/enclave/host/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/encrypt/enclave/host/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/encrypt/enclave/host/.keep

diff --git a/docker4secgear/encrypt/enclave/host/.keep b/docker4secgear/encrypt/enclave/host/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 096e45f82fb4cc127aeec85c5be0234b5d6247b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:38:24 +0000
Subject: [PATCH 33/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20enclabe?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclabe/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/verify/enclabe/.keep

diff --git a/docker4secgear/verify/enclabe/.keep b/docker4secgear/verify/enclabe/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 28db392a1f6f34abe3f1745c79eaac608cd2b5a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:38:33 +0000
Subject: [PATCH 34/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20enclave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/verify/enclave/.keep

diff --git a/docker4secgear/verify/enclave/.keep b/docker4secgear/verify/enclave/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 3338ed9035e53f30e800af36b4a08d6733081ffd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:38:40 +0000
Subject: [PATCH 35/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/verify/enclabe?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclabe/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/verify/enclabe/.keep

diff --git a/docker4secgear/verify/enclabe/.keep b/docker4secgear/verify/enclabe/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 6b6248d650c4b6759416eb911fe501686526ee7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:38:49 +0000
Subject: [PATCH 36/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20enclave?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclave/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/verify/enclave/enclave/.keep

diff --git a/docker4secgear/verify/enclave/enclave/.keep b/docker4secgear/verify/enclave/enclave/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 794e644d679e236ec59334765df8ba72d3340c7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:38:57 +0000
Subject: [PATCH 37/44] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20host?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclave/host/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 docker4secgear/verify/enclave/host/.keep

diff --git a/docker4secgear/verify/enclave/host/.keep b/docker4secgear/verify/enclave/host/.keep
new file mode 100644
index 00000000..e69de29b
-- 
Gitee


From 7f84a7149b6c11739b933b87395d4a342bb57ec7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:39:05 +0000
Subject: [PATCH 38/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/verify/enclave/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/verify/enclave/.keep

diff --git a/docker4secgear/verify/enclave/.keep b/docker4secgear/verify/enclave/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 60b09e04f502817819b79863468720839081af48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:39:21 +0000
Subject: [PATCH 39/44] enclave
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 docker4secgear/verify/enclave/.DS_Store      | Bin 0 -> 6148 bytes
 docker4secgear/verify/enclave/CMakeLists.txt |  38 +++++++++++++++++++
 docker4secgear/verify/enclave/enclave.edl    |  28 ++++++++++++++
 3 files changed, 66 insertions(+)
 create mode 100644 docker4secgear/verify/enclave/.DS_Store
 create mode 100644 docker4secgear/verify/enclave/CMakeLists.txt
 create mode 100644 docker4secgear/verify/enclave/enclave.edl

diff --git a/docker4secgear/verify/enclave/.DS_Store b/docker4secgear/verify/enclave/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..df5e54687d8fa32b7fa9c55f53a9e9493cda0f96
GIT binary patch
literal 6148
zcmeHK&2G~`5T0!fb%KB#5cIegZc&xAQ6&xqlZHbjkdTbv0I0QNtFdsrQS3A=A;{v&
z6TnOG5F8K>fOrZd-T-EHSHX4waVdgoN1FY1cYap;O}v{00M?xZZGZ*<*r<e79h;vB
z*-4jVMbBJDWHLtxcOillGE^gm0mHz*&H#P8mtYs}fd|i^`2B9+S9}cFUM%{4EPV8%
zL*h2-#y2V016aeD1o{wT{1Jo|?{~lV_NVDc=l<xA;wa5pt<P*_)jD^6&9>`y{bK#8
zI}lSh^Rh|W^~R5Bbl=MczV1H|B3|@8|6vqP_ZwGsMUr_@5{_kX6olyV<WZCaV%imx
zBuHf*R~c-(X4m!`>$6#>z1igL&i1^?XE!!mP2Snsp3iIcwd?Jjy@TP&^Vy5}%Qte{
z!0^D6LIf7&Ee<NA#D{ISFNP!K_Ug;B$58Zong}{+Ki%AVPefPp3`Ot<UZX*AwXd{j
zCC`yNPGXT9qJ?&0!2kpu+U4T0*Jvx2df|6g%eL5HxnNg66iKR-irrGBTEte0v}7-r
zhhyp=1*jB;Y^N#uCv0Ch%|%RZ!+>Gnzhr>U2aZbUXv`JLqXQfH1VFTKS_<~*Zvw?|
zjgH1#AzDzF3Pn_*Og}N03deb_{Tz+CLKO~7KR%dVnduh_ldEHXF5Q7S3QcPmFbtF#
zSXILY-T!xf{r)cpnUP_@FmR?AU{=rVb#Y7jZe7|O-L)L`0F{LNa)mMk8+{$i4qe6T
cs8Z0zse|Zf%oXAciuofTX)ujp;IA_99cE+kegFUf

literal 0
HcmV?d00001

diff --git a/docker4secgear/verify/enclave/CMakeLists.txt b/docker4secgear/verify/enclave/CMakeLists.txt
new file mode 100644
index 00000000..b7d578a6
--- /dev/null
+++ b/docker4secgear/verify/enclave/CMakeLists.txt
@@ -0,0 +1,38 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+cmake_minimum_required(VERSION 3.10 FATAL_ERROR)
+project(enclave)
+
+set(CMAKE_C_STANDARD 99)
+
+set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR})
+
+#set edl name
+set(EDL_FILE enclave.edl)
+#set(LOCAL_ROOT_PATH "$ENV{CC_SDK}")
+#set(SECGEAR_INSTALL_PATH /usr/lib64/)
+
+if(CC_GP)
+    set(CODETYPE trustzone)
+    set(CODEGEN codegen_arm64)
+    execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
+    string(REPLACE "\n" "" UUID ${UUID})
+    add_definitions(-DPATH="/data/${UUID}.sec")
+endif()
+
+if(CC_SGX)
+    set(CODETYPE sgx)
+	set(CODEGEN codegen_x86_64)
+    add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so")
+endif()
+
+add_subdirectory(${CURRENT_ROOT_PATH}/enclave)
+add_subdirectory(${CURRENT_ROOT_PATH}/host)
diff --git a/docker4secgear/verify/enclave/enclave.edl b/docker4secgear/verify/enclave/enclave.edl
new file mode 100644
index 00000000..b9f61710
--- /dev/null
+++ b/docker4secgear/verify/enclave/enclave.edl
@@ -0,0 +1,28 @@
+enclave {
+	include "secgear_urts.h"
+    from "secgear_tstdc.edl" import *;
+
+    trusted {
+		public void setRSAsource([in, size=len] char* src, size_t len);
+		public void getRSAresult([out, size=len] char* buf, size_t len);
+		public void calcEmbeddingResult();
+		public void initKeys([in] uint32_t *src);
+		public void registerSeed([in] uint32_t *src);
+		public void setKeys([in,count=2] uint32_t *K);
+		public void getKeys([out,count=2] uint32_t *K);
+		public void setD([in, size=len] char* src, size_t len);
+		public void setCD([in, size=len] char* src, size_t len);
+		public void setN([in, size=len] char* src, size_t len);
+		public void getCD([out, size=len] char* buf, size_t len);
+		public void getX([out, size=len] char* buf, size_t len);
+		public void getMu([out, size=len] char* buf, size_t len);
+		public void getK([out, size=len] char* buf, size_t len);
+		public void getNWID([out, size=len] char* buf, size_t len);
+		public void setNPW([in, size=len] char* src, size_t len);
+
+    };
+
+    untrusted {
+
+    };
+};
-- 
Gitee


From c5bac060c17c46ed11fed089fffb79dee0379f90 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:39:59 +0000
Subject: [PATCH 40/44] enclave
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 .../verify/enclave/enclave/.DS_Store          | Bin 0 -> 6148 bytes
 .../verify/enclave/enclave/CMakeLists.txt     | 162 ++++
 .../verify/enclave/enclave/Enclave.config.xml |  12 +
 .../verify/enclave/enclave/Enclave.lds        |  11 +
 .../verify/enclave/enclave/enclave.cpp        | 705 ++++++++++++++++++
 .../verify/enclave/enclave/manifest.txt.in    |   8 +
 .../enclave/enclave/rsa_public_key_cloud.pem  |  11 +
 7 files changed, 909 insertions(+)
 create mode 100644 docker4secgear/verify/enclave/enclave/.DS_Store
 create mode 100644 docker4secgear/verify/enclave/enclave/CMakeLists.txt
 create mode 100644 docker4secgear/verify/enclave/enclave/Enclave.config.xml
 create mode 100644 docker4secgear/verify/enclave/enclave/Enclave.lds
 create mode 100644 docker4secgear/verify/enclave/enclave/enclave.cpp
 create mode 100644 docker4secgear/verify/enclave/enclave/manifest.txt.in
 create mode 100644 docker4secgear/verify/enclave/enclave/rsa_public_key_cloud.pem

diff --git a/docker4secgear/verify/enclave/enclave/.DS_Store b/docker4secgear/verify/enclave/enclave/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..94e84638876e8a16ea214fdd5c3ae3defb164e68
GIT binary patch
literal 6148
zcmeHK%Sr<=6g?R$R0>*LbtB9d6#Rp+whKX5en9QZGC1uN+e+QdANhT*^xWi9oSC{6
zD)++8$?M!CCt)%H;CkEXHP8moqzgu8Ob(c|i`OjDnp2|lF=n_&iZwQLvtv*|_U;_F
zc)$oR__=>w?&1!cyDXoKvwX~ca!79I-7jy<0hbtHi3u|D-^lMWpR?wf=U~p#4hv+J
z7$21wty+u>Q>@D@cU56sF!G2ar5tPK&z#Pfqo!C^*q;@42e0IeFvJR5j5+_5Gaq^l
z-iflJoGnvETQUBk950$z;<0FE3YY?>z|kncJ6o*T3TUY*U<#N5dj;hC5Yq({#Uh~p
zbTIKx0AhpH-k6u)MB&7WiDD6uEi@OX#6WfW#BhPm`dIrVibcRchttQ0(~+INP@Er~
z@nhc|E(vI<DPRhe6*vjSw%q@N-{1dbl9fyWQ{Z1I;2QnMeveDiyS27Bxoczk6J1RD
n6#@4YX8cvmzH$|J=-yZ#ONN*z76Dm9vmXI3gC(ZGpDOSTMrvMk

literal 0
HcmV?d00001

diff --git a/docker4secgear/verify/enclave/enclave/CMakeLists.txt b/docker4secgear/verify/enclave/enclave/CMakeLists.txt
new file mode 100644
index 00000000..17c5826f
--- /dev/null
+++ b/docker4secgear/verify/enclave/enclave/CMakeLists.txt
@@ -0,0 +1,162 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX enclave)
+
+set(CMAKE_CXX_STANDARD 11)
+#set sign key
+set(PEM Enclave_private.pem)
+
+#set sign tool
+set(SIGN_TOOL ${LOCAL_ROOT_PATH}/tools/sign_tool/sign_tool.sh)
+
+#set enclave src code
+set(SOURCE_FILES ${CMAKE_CURRENT_SOURCE_DIR}/enclave.cpp)
+
+#set log level
+set(PRINT_LEVEL 3)
+add_definitions(-DPRINT_LEVEL=${PRINT_LEVEL})
+
+if(CC_GP)
+    #set signed output
+    set(OUTPUT ${UUID}.sec)
+    #set itrustee device key
+    set(DEVICEPEM ${CMAKE_CURRENT_SOURCE_DIR}/rsa_public_key_cloud.pem)
+    #set whilelist. default: /vendor/bin/teec_hello
+    set(WHITE_LIST_0 /vendor/bin/enclave)
+    set(WHITE_LIST_OWNER root)
+    set(WHITE_LIST_1 /vendor/bin/secgear_enclave)
+    set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+
+if(CC_SGX)
+    set(OUTPUT enclave.signed.so)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --trusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx --search-path ${SGXSDK}/include)
+endif()
+
+set(COMMON_C_FLAGS "-W -Wall  -fno-short-enums  -fno-omit-frame-pointer -fstack-protector \
+	-Wstack-protector --param ssp-buffer-size=4 -frecord-gcc-switches -Wextra -nostdinc -nodefaultlibs \
+	-fno-peephole -fno-peephole2 -Wno-main -Wno-error=unused-parameter \
+        -Wno-error=unused-but-set-variable -Wno-error=format-truncation=")
+
+set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+set(COMMON_CXX_FLAGS "${COMMON_C_FLAGS}")
+
+if(CC_GP)
+    configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt")
+
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS}  -march=armv8-a ")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s -fPIC")
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-s")
+    
+    set(ITRUSTEE_TEEDIR ${iTrusteeSDK}/)
+    set(ITRUSTEE_LIBC ${iTrusteeSDK}/thirdparty/open_source/musl/libc)
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${SECGEAR_INSTALL_PATH})
+    endif()
+
+    add_library(${PREFIX} SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories( ${PREFIX} PRIVATE
+	${CMAKE_CURRENT_BINARY_DIR}
+	${LOCAL_ROOT_PATH}/inc/host_inc
+	${LOCAL_ROOT_PATH}/inc/host_inc/gp
+	${LOCAL_ROOT_PATH}/inc/enclave_inc
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp
+	${ITRUSTEE_TEEDIR}/include/TA
+	${ITRUSTEE_TEEDIR}/include/TA/huawei_ext
+	${ITRUSTEE_LIBC}/arch/aarch64
+	${ITRUSTEE_LIBC}/
+	${ITRUSTEE_LIBC}/arch/arm/bits
+	${ITRUSTEE_LIBC}/arch/generic
+	${ITRUSTEE_LIBC}/arch/arm
+	${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee)
+
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${PREFIX} PRIVATE ${SECGEAR_INSTALL_PATH})
+    endif()
+
+    foreach(WHITE_LIST ${WHITELIST})
+	    add_definitions(-D${WHITE_LIST}="${${WHITE_LIST}}")
+    endforeach(WHITE_LIST)
+    add_definitions(-DWHITE_LIST_OWNER="${WHITE_LIST_OWNER}")
+
+    target_link_libraries(${PREFIX} -lsecgear_tee)
+
+    add_custom_command(TARGET ${PREFIX}
+	      POST_BUILD
+              COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i /home/sunny/secGear/debug/lib/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini
+	      		-o ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT})
+
+    install(FILES ${CMAKE_CURRENT_BINARY_DIR}/${OUTPUT}  
+        DESTINATION /data
+        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE  WORLD_READ  WORLD_EXECUTE)
+
+endif()
+
+if(CC_SGX)
+    set(SGX_DIR ${SGXSDK})
+    set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fvisibility=hidden")
+    set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -std=c++11 -O2 -nostdinc++")
+    set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+    set(LINK_LIBRARY_PATH ${SGX_DIR}/lib64)
+
+    if(CC_SIM)
+        set(Trts_Library_Name sgx_trts_sim)
+        set(Service_Library_Name sgx_tservice_sim)
+    else()
+        set(Trts_Library_Name sgx_trts)
+        set(Service_Library_Name sgx_tservice)
+    endif()
+
+    set(Crypto_Library_Name sgx_tcrypto)
+
+    set(CMAKE_SHARED_LINKER_FLAGS  "${COMMON_C_LINK_FLAGS} -Wl,-z,defs -Wl,-pie -Bstatic -Bsymbolic -eenclave_entry \
+		-Wl,--export-dynamic -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections -Wl,--version-script=${CMAKE_CURRENT_SOURCE_DIR}/Enclave.lds")
+
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 
+        link_directories(${LINK_LIBRARY_PATH})
+    endif()
+
+    add_library(${PREFIX}  SHARED ${SOURCE_FILES} ${AUTO_FILES})
+
+    target_include_directories(${PREFIX} PRIVATE
+	    ${CMAKE_CURRENT_BINARY_DIR}
+	    ${SGX_DIR}/include/tlibc
+	    ${SGX_DIR}/include/libcxx
+	    ${SGX_DIR}/include
+	    ${LOCAL_ROOT_PATH}/inc/host_inc
+	    ${LOCAL_ROOT_PATH}/inc/host_inc/sgx)
+    
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 
+        target_link_directories(${PREFIX} PRIVATE
+	        ${LINK_LIBRARY_PATH})
+    endif()
+
+    target_link_libraries(${PREFIX}  -Wl,--whole-archive ${Trts_Library_Name} -Wl,--no-whole-archive 
+    		-Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l${Crypto_Library_Name} -l${Service_Library_Name}   -Wl,--end-group)
+    add_custom_command(TARGET ${PREFIX} 
+    POST_BUILD
+    COMMAND umask 0177
+    COMMAND openssl genrsa -3 -out ${PEM} 3072
+    COMMAND bash ${SIGN_TOOL} -d sign -x sgx -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -k ${PEM} -o ${OUTPUT} -c ${CMAKE_CURRENT_SOURCE_DIR}/Enclave.config.xml)
+endif()
+
+set_target_properties(${PREFIX} PROPERTIES SKIP_BUILD_RPATH TRUE)
diff --git a/docker4secgear/verify/enclave/enclave/Enclave.config.xml b/docker4secgear/verify/enclave/enclave/Enclave.config.xml
new file mode 100644
index 00000000..a5e05e01
--- /dev/null
+++ b/docker4secgear/verify/enclave/enclave/Enclave.config.xml
@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x100000</StackMaxSize>
+  <HeapMaxSize>0x80000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>1</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>
diff --git a/docker4secgear/verify/enclave/enclave/Enclave.lds b/docker4secgear/verify/enclave/enclave/Enclave.lds
new file mode 100644
index 00000000..ab77e647
--- /dev/null
+++ b/docker4secgear/verify/enclave/enclave/Enclave.lds
@@ -0,0 +1,11 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};
+
diff --git a/docker4secgear/verify/enclave/enclave/enclave.cpp b/docker4secgear/verify/enclave/enclave/enclave.cpp
new file mode 100644
index 00000000..4cbaf6f8
--- /dev/null
+++ b/docker4secgear/verify/enclave/enclave/enclave.cpp
@@ -0,0 +1,705 @@
+#include "Enclave1_t.h"
+#include <string.h>
+#include <string>
+#include <vector>
+#include <cstdlib>
+#define MAX_LEN 1024
+
+using namespace std;
+
+namespace calc {
+	const int L = 16;
+	const std::string hexChars = "0123456789abcdef";
+	int dec(char ch) {
+		if ('0' <= ch && ch <= '9') {
+			return ch - '0';
+		}
+		if ('a' <= ch && ch <= 'f') {
+			return ch - 'a' + 10;
+		}
+		if ('A' <= ch && ch <= 'F') {
+			return ch - 'A' + 10;
+		}
+		return -1;
+	}
+	std::string hex(unsigned int x) {
+		std::string result = "";
+		for (int j = 28; j >= 0; j -= 4) {
+			result += hexChars[x >> j & 0x0F];
+		}
+		return result;
+	}
+	std::string hex(unsigned long long x) {
+		std::string result = "";
+		for (int j = 60; j >= 0; j -= 4) {
+			result += hexChars[x >> j & 0x0F];
+		}
+		return result;
+	}
+	std::string bin(unsigned int x) {
+		std::string result = "";
+		for (int j = 31; j >= 0; j--) {
+			result += hexChars[x >> j & 0x01];
+		}
+		return result;
+	}
+	std::string bin(unsigned long long x) {
+		std::string result = "";
+		for (int j = 63; j >= 0; j--) {
+			result += hexChars[x >> j & 0x01];
+		}
+		return result;
+	}
+	unsigned int rightRotate(unsigned int x, int u) {
+		unsigned long long xx = (unsigned long long)x << 32 | x;
+		return (unsigned int)((xx >> u)&(unsigned int)-1);
+	}
+	unsigned int LeftRotate(unsigned int x, int u) {
+		u &= 31;
+		unsigned long long xx = (unsigned long long)x << 32 | x;
+		return (unsigned int)((xx >> (32 - u))&(unsigned int)-1);
+	}
+	struct bigNum {
+		int siz, hexLen;
+		std::vector<unsigned long long>num;
+		bigNum(int _siz = L) {
+			siz = _siz; hexLen = siz << 4;
+			num.resize(_siz, 0);
+		}
+		bigNum(std::string src) {
+			int len = src.length(); hexLen = src.length();
+			siz = (len + 15) >> 4;
+			num.resize(siz, 0);
+			for (int i = 0, cnt = 0; i < len; i++, cnt++) {
+				num[cnt >> 4] |= (unsigned long long)dec(src[i]) << (((cnt & 0x0F) ^ 15) << 2);
+			}
+		}
+		bigNum FromU32(uint32_t src) {
+			bigNum result = bigNum(1);
+			result.num[0] = src;
+			return result;
+		}
+		std::string hex() {
+			std::string result = "";
+			for (int i = 0; i < siz; i++) {
+				for (int j = 60; j >= 0; j -= 4) {
+					result += hexChars[num[i] >> j & 0x0F];
+				}
+			}
+			result.erase(hexLen);
+			return result;
+		}
+		std::string bin() {
+			std::string result = "b";
+			for (int i = 0; i < siz; i++) {
+				for (int j = 63; j >= 0; j--) {
+					result += hexChars[num[i] >> j & 0x01];
+				}
+			}
+			result.erase(hexLen << 2);
+			return result;
+		}
+		bigNum& operator^=(const bigNum &rhs) {
+			bigNum result = *this;
+			int lmt = siz;
+			if (rhs.siz < lmt) lmt = rhs.siz;
+			for (int i = 0; i < lmt; i++) {
+				result.num[i] ^= rhs.num[i];
+			}
+			return *this = result;
+		}
+		friend bigNum operator^(const bigNum& lhs, const bigNum& rhs) {
+			if(lhs.siz>=rhs.siz) return bigNum(lhs) ^= rhs;
+			else return bigNum(rhs) ^= lhs;
+		}
+		friend bigNum operator||(const bigNum& lhs, const bigNum& rhs) {
+			bigNum result = bigNum(bigNum(lhs).hex() + bigNum(rhs).hex());
+			return result;
+		}
+	};
+	
+	unsigned int P0(unsigned int x) {
+		return x ^ LeftRotate(x, 9) ^ LeftRotate(x, 17);
+	}
+	unsigned int P1(unsigned int x) {
+		return x ^ LeftRotate(x, 15) ^ LeftRotate(x, 23);
+	}
+	unsigned int FF(unsigned int j, unsigned int x, unsigned int y, unsigned int z) {
+		if (j < 16) return x ^ y ^ z;
+		else return (x&y) | (x&z) | (y&z);
+	}
+	unsigned int GG(unsigned int j, unsigned int x, unsigned int y, unsigned int z) {
+		if (j < 16) return x ^ y ^ z;
+		else return (x&y) | ((~x)&z) ;
+	}
+	bigNum SM3(bigNum src) {
+		const unsigned int T[64] = {
+			0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519,
+			0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519, 0x79cc4519,
+			0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a,
+			0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a,
+			0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a,
+			0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a,
+			0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a,
+			0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, 0x7a879d8a, };
+		unsigned int h[8] = {
+			0x7380166f, 0x4914b2b9, 0x172442d7, 0xda8a0600, 0xa96f30bc, 0x163138aa, 0xe38dee4d, 0xb0fb0e4e };
+		std::string tmpstr = bigNum(src).hex();
+		tmpstr += "8";
+		while (tmpstr.length() % 128 != 112) {
+			tmpstr += "0";
+		}
+		tmpstr += hex((unsigned long long)src.hexLen << 2);
+		bigNum tmpnum = bigNum(tmpstr);
+
+		for (int i = 0; i < tmpnum.siz; i += 8) {
+			unsigned int w[68] = {}, ww[64] = {};
+			for (int j = 0; j < 16; j += 2) {
+				w[j] = (unsigned int)(tmpnum.num[i + (j >> 1)] >> 32);
+				w[j + 1] = (unsigned int)(tmpnum.num[i + (j >> 1)]);
+			}
+			for (int j = 16; j < 68; j++) {
+				w[j] = P1(w[j - 16] ^ w[j - 9] ^ LeftRotate(w[j - 3], 15)) ^ LeftRotate(w[j - 13], 7) ^ w[j - 6];
+			}
+			for (int j = 0; j < 64; j++) {
+				ww[j] = w[j] ^ w[j + 4];
+			}
+			unsigned int t[8] = {};
+			for (int j = 0; j < 8; j++) {
+				t[j] = h[j];
+			}
+			for (int j = 0; j < 64; j++) {
+				unsigned int SS1, SS2, TT1, TT2;
+				SS1 = LeftRotate(LeftRotate(t[0], 12) + t[4] + LeftRotate(T[j], j), 7);
+				SS2 = SS1 ^ LeftRotate(t[0], 12);
+				TT1 = FF(j, t[0], t[1], t[2]) + t[3] + SS2 + ww[j];
+				TT2 = GG(j, t[4], t[5], t[6]) + t[7] + SS1 + w[j];
+				t[7] = t[6];
+				t[6] = LeftRotate(t[5], 19);
+				t[5] = t[4];
+				t[4] = P0(TT2);
+				t[3] = t[2];
+				t[2] = LeftRotate(t[1],9);
+				t[1] = t[0];
+				t[0] = TT1;
+			}
+			for (int j = 0; j < 8; j++) {
+				h[j] = h[j] ^ t[j];
+			}
+		}
+
+		bigNum result = bigNum(4);
+		result.num[0] = ((unsigned long long)h[0] << 32) | h[1];
+		result.num[1] = ((unsigned long long)h[2] << 32) | h[3];
+		result.num[2] = ((unsigned long long)h[4] << 32) | h[5];
+		result.num[3] = ((unsigned long long)h[6] << 32) | h[7];
+		return result;
+	}
+
+	struct smallNum {
+		int siz;
+		std::vector<unsigned long long>num;
+		smallNum(int _siz = 1) {
+			siz = _siz;
+			num.resize(_siz, 0);
+		}
+		smallNum(char ch) {
+			siz = 1;
+			num.push_back(ch - '0');
+		}
+		smallNum(std::string src) {
+			int len = src.length();
+			siz = (len + 15) >> 4;
+			num.resize(siz, 0);
+			for (int i = len - 1, cnt = 0; i >= 0; i--, cnt++) {
+				num[cnt >> 4] |= (unsigned long long)dec(src[i]) << ((cnt & 0x0F) << 2);
+			}
+		}
+		smallNum fromBin(std::string src) {
+			smallNum result = smallNum();
+			int len = src.length();
+			if (!len) {
+				return smallNum();
+			}
+			result.siz = (len + 63) >> 6;
+			result.num.resize(result.siz, 0);
+			for (int i = len - 1, cnt = 0; i >= 0; i--, cnt++) {
+				result.num[cnt >> 6] |= (unsigned long long)dec(src[i]) << (cnt & 0x3F);
+			}
+			return result;
+		}
+		smallNum(bigNum src) {
+			std::string srcstr = src.hex();
+			*this = smallNum(srcstr);
+		}
+		smallNum fromBigNum(bigNum src) {
+			std::string srcstr = src.hex();
+			return smallNum(srcstr);
+		}
+		bigNum toBigNum(smallNum src, int minHexLength = 0) {
+			std::string srcstr = src.hex();
+			return bigNum(srcstr);
+		}
+		smallNum e() {
+			smallNum result = smallNum(1);
+			result.num[0] = 1;
+			return result;
+		}
+		smallNum FromU32(uint32_t src) {
+			smallNum result = smallNum(1);
+			result.num[0] = src;
+			return result;
+		}
+		std::string hex() {
+			std::string result = "";
+			for (int i = siz - 1; i >= 0; i--) {
+				for (int j = 60; j >= 0; j -= 4) {
+					result += hexChars[num[i] >> j & 0x0F];
+				}
+			}
+			return result;
+		}
+		std::string bin() {
+			std::string result = "";
+			for (int i = siz - 1; i >= 0; i--) {
+				for (int j = 63; j >= 0; j--) {
+					result += hexChars[num[i] >> j & 0x01];
+				}
+			}
+			return result;
+		}
+		smallNum& operator^=(const smallNum &rhs) {
+			smallNum result = *this;
+			int lmt = rhs.siz;
+			for (int i = 0; i < lmt; i++) {
+				result.num[i] ^= rhs.num[i];
+			}
+			return *this = result;
+		}
+		friend smallNum operator^(const smallNum& lhs, const smallNum& rhs) {
+			if(lhs.siz>rhs.siz) return smallNum(lhs) ^= rhs;
+			else return smallNum(rhs) ^= lhs;
+		}
+		friend bool operator<(const smallNum& lhs, const smallNum& rhs) {
+			if (lhs.siz^rhs.siz) {
+				return lhs.siz < rhs.siz;
+			}
+			for (int i = lhs.siz - 1; i >= 0; i--) {
+				if (lhs.num[i] ^ rhs.num[i]) {
+					return lhs.num[i] < rhs.num[i];
+				}
+			}
+			return 0;
+		}
+		friend bool operator<=(const smallNum& lhs, const smallNum& rhs) {
+			if (lhs.siz^rhs.siz) {
+				return lhs.siz < rhs.siz;
+			}
+			for (int i = lhs.siz - 1; i >= 0; i--) {
+				if (lhs.num[i] ^ rhs.num[i]) {
+					return lhs.num[i] < rhs.num[i];
+				}
+			}
+			return 1;
+		}
+		friend bool operator>(const smallNum& lhs, const smallNum& rhs) {
+			return smallNum(rhs) < smallNum(lhs);
+		}
+		friend bool operator>=(const smallNum& lhs, const smallNum& rhs) {
+			return smallNum(rhs) <= smallNum(lhs);
+		}
+		friend bool operator==(const smallNum& lhs, const smallNum& rhs) {
+			if (lhs.siz^rhs.siz) {
+				return 0;
+			}
+			for (int i = lhs.siz - 1; i >= 0; i--) {
+				if (lhs.num[i] ^ rhs.num[i]) {
+					return 0;
+				}
+			}
+			return 1;
+		}
+		friend bool operator!=(const smallNum& lhs, const smallNum& rhs) {
+			if (lhs.siz^rhs.siz) {
+				return 1;
+			}
+			for (int i = lhs.siz - 1; i >= 0; i--) {
+				if (lhs.num[i] ^ rhs.num[i]) {
+					return 1;
+				}
+			}
+			return 0;
+		}
+		smallNum& operator+=(const smallNum& rhs) {
+			while (siz < rhs.siz) {
+				++siz; num.push_back(0ULL);
+			}
+			unsigned long long carry0 = 0ULL, carry1 = 0ULL;
+			for (int i = 0; i < rhs.siz; i++) {
+				if (((num[i] >> 1) + (rhs.num[i] >> 1) + (((num[i] & 1ULL) + (rhs.num[i] & 1ULL) + carry0) >> 1)) >> 63) {
+					if (i + 1 == siz) {
+						++siz; num.push_back(0ULL);
+					}
+					carry1 = 1ULL;
+				}
+				num[i] += rhs.num[i] + carry0;
+				carry0 = carry1;
+				carry1 = 0ULL;
+			}
+			for (int i = rhs.siz; i < siz; i++) {
+				if (((num[i] >> 1) + (((num[i] & 1ULL) + carry0) >> 1)) >> 63) {
+					if (i + 1 == siz) {
+						++siz; num.push_back(0ULL);
+					}
+					carry1 = 1ULL;
+				}
+				num[i] += carry0;
+				carry0 = carry1;
+				carry1 = 0ULL;
+			}
+			return *this;
+		}
+		friend smallNum operator+(const smallNum& lhs, const smallNum&rhs) {
+			return smallNum(lhs) += rhs;
+		}
+		smallNum& operator-=(const smallNum& rhs){
+            unsigned long long tmp,carry0=0,carry1=0;
+            for(int i=0;i<rhs.siz;i++){
+                tmp=num[i];
+                num[i]-=rhs.num[i];
+                if(num[i]>tmp){
+                    carry1=1;
+                }
+                tmp=num[i];
+                num[i]-=carry0;
+                if(num[i]>tmp){
+                    carry1=1;
+                }
+                carry0=carry1;
+                carry1=0;
+            }
+            for(int i=rhs.siz;i<siz;i++){
+                tmp=num[i];
+                num[i]-=carry0;
+                if(num[i]>tmp){
+                    carry1=1;
+                }
+                carry0=carry1;
+                carry1=0;
+            }
+            while(siz>1&&!num[siz-1]){
+                --siz;num.pop_back();
+            }
+            return *this;
+        }
+		friend smallNum operator-(const smallNum& lhs, const smallNum&rhs) {
+			return smallNum(lhs) -= rhs;
+		}
+		void _add(unsigned long long u,unsigned long long v,unsigned long long &x,unsigned long long &y,unsigned long long &z){
+            x+=u; if(x<u) {++y; if(!y) ++z; }
+            y+=v; if(y<v) ++z;
+        }
+        smallNum& operator*=(const smallNum& rhs){
+            int SIZ=siz+rhs.siz;
+            smallNum result=smallNum(SIZ);
+            result.num.push_back(0ULL);
+            for(int k=0;k<SIZ;++k){
+                for(int i=(k>=rhs.siz?k-rhs.siz+1:0),j=k-i;i<siz&&~j;--j,++i){
+                    __uint128_t tmp=(__uint128_t)num[i]*(__uint128_t)rhs.num[j];
+                    _add((unsigned long long)(tmp&(-1ULL)),(unsigned long long)((tmp>>64)&(-1ULL)),result.num[k],result.num[k+1],result.num[k+2]);
+                }
+            }
+            result.num.pop_back();
+            if(result.siz>1&&!result.num[SIZ-1]){
+                --result.siz;
+                result.num.pop_back();
+            }
+            return *this=result;
+        }
+
+		friend smallNum operator*(const smallNum& lhs, const smallNum&rhs) {
+			return smallNum(lhs) *= rhs;
+		}
+		smallNum pow(unsigned long long rhs) {
+			smallNum result = smallNum().e(), u = smallNum(*this);
+			while (rhs) {
+				if (rhs & 1) {
+					result *= u;
+				}
+				u *= u;
+				rhs >>= 1;
+			}
+			return result;
+		}
+		smallNum& operator%=(const smallNum& rhs) {
+			smallNum result = smallNum();
+			std::string lhsBin = smallNum(*this).bin();
+			int lhsLen = lhsBin.length();
+			for (int i = 0; i < lhsLen; i++) {
+				result = result + result;
+				if (lhsBin[i] & 1) {
+					result.num[0] |= 1;
+				}
+				if (rhs <= result) {
+					result = result - rhs;
+				}
+			}
+			return *this = result;
+		}
+		friend smallNum operator%(const smallNum& lhs, const smallNum&rhs) {
+			return smallNum(lhs) %= rhs;
+		}
+		smallNum pow_mod(unsigned long long rhs, smallNum _mod) {
+			smallNum result = smallNum().e(), u = smallNum(*this);
+			while (rhs) {
+				if (rhs & 1) {
+					result = (result*u) % _mod;
+				}
+				u = (u*u) % _mod;
+				rhs >>= 1;
+			}
+			return result;
+		}
+		smallNum pow_mod(smallNum rhs, smallNum _mod) {
+			smallNum result = smallNum().e(), u = smallNum(*this);
+			std::string rhsstr = rhs.bin();
+			int rhsLen = rhsstr.length();
+			for (int i = rhsLen - 1; i >= 0; i--) {
+				if (rhsstr[i] & 1) {
+					result = (result*u) % _mod;
+				}
+				u = (u*u) % _mod;
+			}
+			return result;
+		}
+		smallNum fromDec(std::string src) {
+			if (src == "") {
+				return smallNum();
+			}
+			smallNum result = smallNum();
+			int siz = src.length();
+			for (int i = 0; i < siz; i++) {
+				result *= smallNum("a");
+				result += smallNum(src[i]);
+			}
+			return result;
+		}
+	};
+	smallNum big2Small(bigNum src) {
+		std::string srcstr = src.hex();
+		return smallNum(srcstr);
+	}
+	bigNum small2Big(smallNum src, int minHexLength = 0) {
+		std::string srcstr = src.hex();
+		return bigNum(srcstr);
+	}
+}
+
+namespace interface {
+	using namespace calc;
+	smallNum rsa_d(smallNum rsa_e, smallNum d, smallNum n) {
+		return rsa_e.pow_mod(d, n);
+	}
+}
+
+char tmpresult[512];
+char* transferFromString(string src) {
+	int siz = src.length();
+	if (siz < 512) {
+		for (int i = 0; i <= siz; i++) {
+			tmpresult[i] = src[i];
+		}
+	}
+	return tmpresult;
+}
+
+string transferToString(char* src) {
+	string result;
+	for (int i = 0; src[i]; i++) {
+		result += src[i];
+	}
+	return result;
+}
+
+unsigned int randSeed = 0;
+
+unsigned int getNextRand(unsigned int preRand) {
+	if (!preRand) return -1;
+	unsigned x = preRand;
+	x ^= x << 13;
+	x ^= x >> 17;
+	x ^= x << 5;
+	return x;
+}
+
+unsigned int getNextRand(unsigned int preRand,int rounds) {
+	if (!preRand) return -1;
+	unsigned x = preRand;
+	for (int i = 0; i < rounds; i++) {
+		x = getNextRand(x);
+	}
+	return x;
+}
+
+uint32_t Keys[2];
+
+void sealKeys() {
+	Keys[0] ^= getNextRand(12345678, 32);
+	Keys[1] ^= getNextRand(87654321, 32);
+}
+
+void decryptKeys(uint32_t *keybuf) {
+	keybuf[0] = Keys[0] ^ getNextRand(12345678, 32);
+	keybuf[1] = Keys[1] ^ getNextRand(87654321, 32);
+}
+
+void initKeys(uint32_t *src) {
+	randSeed = src[0];
+	randSeed ^= getNextRand(randSeed, 16);
+	Keys[0] = getNextRand(randSeed, 555); // Ku
+	Keys[1] = getNextRand(randSeed, 777); // Kw
+	sealKeys();
+}
+
+void setKeys(uint32_t *K) {
+	memcpy(Keys, K, sizeof Keys);
+}
+
+void getKeys(uint32_t *K) {
+	memcpy(K, Keys, sizeof Keys);
+}
+
+using namespace calc;
+string DebugStr;
+string Dstr, Nstr, CDstr, NPWstr;
+
+void encryptD() {
+	uint32_t Dkeys[2] = {};
+	decryptKeys(Dkeys);
+	CDstr = (smallNum(Dstr) ^ big2Small(SM3(bigNum().FromU32(Dkeys[0]) || bigNum(Nstr)))).hex();
+	Dstr = "";
+}
+
+void decryptD() {
+	uint32_t Dkeys[2] = {};
+	decryptKeys(Dkeys);
+	Dstr = (smallNum(CDstr) ^ big2Small(SM3(bigNum().FromU32(Dkeys[0]) || bigNum(Nstr)))).hex();
+}
+
+void setCD(char* src, size_t len) {
+	char source[MAX_LEN];
+	if (len < MAX_LEN) {
+		memcpy(source, src, len + 1);
+	}
+	CDstr = transferToString(source);
+}
+
+void setD(char* src, size_t len){
+	char source[MAX_LEN];
+	if (len < MAX_LEN) {
+		memcpy(source, src, len + 1);
+	}
+	Dstr = transferToString(source);
+	encryptD();
+}
+
+void setN(char* src, size_t len){
+	char source[MAX_LEN];
+	if (len < MAX_LEN) {
+		memcpy(source, src, len + 1);
+	}
+	Nstr = transferToString(source);
+}
+
+void getCD(char *buf, size_t len) {
+	char* result = transferFromString(CDstr);
+	if (len > strlen(result)) {
+		memcpy(buf, result, strlen(result) + 1);
+	}
+}
+
+string RSAsource;
+
+void setRSAsource(char* src, size_t len) {
+	char source[MAX_LEN];
+	if (len < MAX_LEN) {
+		memcpy(source, src, len + 1);
+	}
+	RSAsource = transferToString(source);
+}
+
+void getRSAresult(char *buf, size_t len) {
+	decryptD();
+	string hpw = interface::rsa_d(smallNum(RSAsource), smallNum(Dstr), smallNum(Nstr)).hex();
+	uint32_t Dkeys[2] = {};
+	decryptKeys(Dkeys);
+	string npw = (smallNum(hpw) ^ big2Small(SM3(bigNum().FromU32(Dkeys[0]) || bigNum(Dstr)))).hex();
+	char* result = transferFromString(npw);
+	Dstr = "";
+	if (len > strlen(result)) {
+		memcpy(buf, result, strlen(result) + 1);
+	}
+}
+
+uint32_t _uints[3];
+
+void registerSeed(uint32_t *src){
+	randSeed = src[0];
+	randSeed ^= getNextRand(randSeed, 16);
+	_uints[0] = getNextRand(randSeed, 111) % 2001 + 2000; // x
+	_uints[1] = getNextRand(randSeed, 222) % 1001 + 2000; // mu
+	_uints[2] = getNextRand(randSeed, 333) % 15 + 1; // k
+}
+
+void setNPW(char* src, size_t len) {
+	char source[MAX_LEN];
+	if (len < MAX_LEN) {
+		memcpy(source, src, len + 1);
+	}
+	NPWstr = transferToString(source);
+}
+
+string _xStr, _muStr, _kStr,_nwidStr;
+
+void calcEmbeddingResult() {
+	decryptD();
+	string hwid = interface::rsa_d(smallNum(RSAsource), smallNum(Dstr), smallNum(Nstr)).hex();
+	uint32_t Dkeys[2] = {};
+	decryptKeys(Dkeys);
+	_nwidStr = (smallNum(hwid) ^ big2Small(SM3(bigNum().FromU32(Dkeys[1]) || bigNum(Dstr)))).hex();
+	string hpw = (smallNum(NPWstr) ^ big2Small(SM3(bigNum().FromU32(Dkeys[0]) || bigNum(Dstr)))).hex();
+	smallNum hashPart = big2Small(SM3(bigNum(hpw) || bigNum(hwid)).hex());
+	_xStr = (smallNum().FromU32(_uints[0])*smallNum("001001001001001001001001001001001001001001001001001001001001001") ^ hashPart).hex();
+	_muStr = (smallNum().FromU32(_uints[1])*smallNum("001001001001001001001001001001001001001001001001001001001001001") ^ hashPart).hex();
+	_kStr = (smallNum().FromU32(_uints[2])*smallNum("1111111111111111111111111111111111111111111111111111111111111111") ^ hashPart).hex();
+	Dstr = "";
+	NPWstr = "";
+}
+
+void getX(char *buf, size_t len) {
+	char* result = transferFromString(_xStr);
+	if (len > strlen(result)) {
+		memcpy(buf, result, strlen(result) + 1);
+	}
+}
+
+void getMu(char *buf, size_t len) {
+	char* result = transferFromString(_muStr);
+	if (len > strlen(result)) {
+		memcpy(buf, result, strlen(result) + 1);
+	}
+}
+
+void getK(char *buf, size_t len) {
+	char* result = transferFromString(_kStr);
+	if (len > strlen(result)) {
+		memcpy(buf, result, strlen(result) + 1);
+	}
+}
+
+void getNWID(char *buf, size_t len) {
+	char* result = transferFromString(_nwidStr);
+	if (len > strlen(result)) {
+		memcpy(buf, result, strlen(result) + 1);
+	}
+}
diff --git a/docker4secgear/verify/enclave/enclave/manifest.txt.in b/docker4secgear/verify/enclave/enclave/manifest.txt.in
new file mode 100644
index 00000000..7b8ecf59
--- /dev/null
+++ b/docker4secgear/verify/enclave/enclave/manifest.txt.in
@@ -0,0 +1,8 @@
+gpd.ta.appID:	@UUID@
+gpd.ta.service_name:	test0108
+gpd.ta.singleInstance:	true
+gpd.ta.multiSession:	false
+gpd.ta.multiCommand:	false
+gpd.ta.instanceKeepAlive:	false
+gpd.ta.dataSize:	16384
+gpd.ta.stackSize:	20480
diff --git a/docker4secgear/verify/enclave/enclave/rsa_public_key_cloud.pem b/docker4secgear/verify/enclave/enclave/rsa_public_key_cloud.pem
new file mode 100644
index 00000000..a321f63e
--- /dev/null
+++ b/docker4secgear/verify/enclave/enclave/rsa_public_key_cloud.pem
@@ -0,0 +1,11 @@
+-----BEGIN PUBLIC KEY-----
+MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAzAPwbnbgBg7JgXERA9Bx
+p7GLI1S3e1zL83RMd2+GXb6kO4yMKUL3NUCE2HhA2BtQYmLyGovx59UUcKnU58is
+Xux++kH+A2shmOPjYvEFuX0Kt8tc19b8M9b/iHsY8ZmKykqia2a5U+IrECRFJo5p
+DWUnl7jrHVtq78BSR1c7iXG1frrEC0AYCuqKJo/fxfmOKL0Y9mENCB3nAwjn9unD
+BsO/OhkqvvB3nkeuMfNKPh4wCqtQPve13eTojbuxjX/3ePijplTI5X2Gr+n6Ximn
+fYRlytQmMgMl/db0ARSKNApq9bmwzVNrnGWWZWJksdRvf6iL7t17Gs4L9AApOuC9
+WkzxPvwp5ZUqjsGd4oJGWeC6ZE6BTw2vxE+xMFI9uAKHxq9pBKkcGMa0g4fANNNV
++W+8JZGanxEXKB3y/M7BCyQAPCWOHC/RNjmRA1gczLYCPzC4pWu935UZdF1RR6zY
+CD3t+FoOGGET/g4CwWgyhb5qkp65Hs6ayYt/DUAqo+yBAgMBAAE=
+-----END PUBLIC KEY-----
-- 
Gitee


From 12a602f1cd581f8a0962b9ad61b8c1eebb3eb295 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:40:07 +0000
Subject: [PATCH 41/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/verify/enclave/enclave/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclave/enclave/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/verify/enclave/enclave/.keep

diff --git a/docker4secgear/verify/enclave/enclave/.keep b/docker4secgear/verify/enclave/enclave/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 4f7a2218757643ae38f5acef80a2f22890746895 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:40:26 +0000
Subject: [PATCH 42/44] host
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: 周诏盟 <zhaomeng@isrc.iscas.ac.cn>
---
 .../verify/enclave/host/CMakeLists.txt        |  88 +++++++++++++++
 docker4secgear/verify/enclave/host/main.cpp   | 101 ++++++++++++++++++
 2 files changed, 189 insertions(+)
 create mode 100644 docker4secgear/verify/enclave/host/CMakeLists.txt
 create mode 100644 docker4secgear/verify/enclave/host/main.cpp

diff --git a/docker4secgear/verify/enclave/host/CMakeLists.txt b/docker4secgear/verify/enclave/host/CMakeLists.txt
new file mode 100644
index 00000000..bc273397
--- /dev/null
+++ b/docker4secgear/verify/enclave/host/CMakeLists.txt
@@ -0,0 +1,88 @@
+# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
+# secGear is licensed under the Mulan PSL v2.
+# You can use this software according to the terms and conditions of the Mulan PSL v2.
+# You may obtain a copy of Mulan PSL v2 at:
+#     http://license.coscl.org.cn/MulanPSL2
+# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
+# PURPOSE.
+# See the Mulan PSL v2 for more details.
+
+#set auto code prefix
+set(PREFIX enclave)
+#set host exec name
+set(OUTPUT secgear_enclave)
+#set host src code
+set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/main.cpp)
+
+set(CMAKE_CXX_STANDARD 11)
+
+#set auto code
+if(CC_GP)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/gp)
+endif()
+    
+if(CC_SGX)
+    set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_u.c)
+    add_custom_command(OUTPUT ${AUTO_FILES}
+    DEPENDS ${CURRENT_ROOT_PATH}/${EDL_FILE}
+    COMMAND ${CODEGEN} --${CODETYPE} --untrusted ${CURRENT_ROOT_PATH}/${EDL_FILE} --search-path ${LOCAL_ROOT_PATH}/inc/host_inc/sgx  --search-path ${SGXSDK}/include)
+endif()
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIE")
+set(CMAKE_CXX_FLAGS "${CMAKE_C_FLAGS} -O2 -fPIE")
+set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s")
+
+if(CC_GP)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${SECGEAR_INSTALL_PATH})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE  
+                    ${LOCAL_ROOT_PATH}/inc/host_inc
+                    ${LOCAL_ROOT_PATH}/inc/host_inc/gp
+                    ${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SGX)
+    if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
+        link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+    add_executable(${OUTPUT} ${SOURCE_FILE} ${AUTO_FILES})
+    target_include_directories(${OUTPUT} PRIVATE
+			${LOCAL_ROOT_PATH}/inc/host_inc 
+			${LOCAL_ROOT_PATH}/inc/host_inc/sgx
+			${CMAKE_CURRENT_BINARY_DIR})
+    if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0")
+        target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY})
+    endif()
+endif()
+
+if(CC_SIM)
+    target_link_libraries(${OUTPUT} secgearsim)
+else()
+    target_link_libraries(${OUTPUT} secgear)
+endif()
+set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE)
+
+if(CC_GP)
+	#itrustee install whitelist /vender/bin/teec_hello 
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION /vendor/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
+endif()
+
+if(CC_SGX)
+	install(TARGETS  ${OUTPUT}
+        	RUNTIME
+        	DESTINATION ${CMAKE_BINARY_DIR}/bin/
+       	 	PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)  
+endif()
+	
diff --git a/docker4secgear/verify/enclave/host/main.cpp b/docker4secgear/verify/enclave/host/main.cpp
new file mode 100644
index 00000000..a74a5ce6
--- /dev/null
+++ b/docker4secgear/verify/enclave/host/main.cpp
@@ -0,0 +1,101 @@
+#include<stdio.h>
+#include"enclave.h"
+#include<string.h>
+#include<string>
+#include"Enclave1_u.h"
+
+#define MAX_LEN 1024
+
+using namespace std;
+
+const char hexChars[] = "0123456789abcdef";
+int dec(char ch) {
+	if ('0' <= ch && ch <= '9') {
+		return ch - '0';
+	}
+	if ('a' <= ch && ch <= 'f') {
+		return ch - 'a' + 10;
+	}
+	if ('A' <= ch && ch <= 'F') {
+		return ch - 'A' + 10;
+	}
+	return -1;
+}
+uint32_t transferToU32(char* src,int base=10) {
+	uint32_t result = 0;
+	for (int i = 0; src[i]; i++) {
+		result = result * base + dec(src[i]);
+	}
+	return result;
+}
+
+char tmpresult[512];
+char* transferFromString(string src) {
+	int siz = src.length();
+	if (siz < 512) {
+		for (int i = 0; i <= siz; i++) {
+			tmpresult[i] = src[i];
+		}
+	}
+	return tmpresult;
+}
+
+int main(int argc, char* argv[]) {
+	cc_enclave_t *eid;
+	cc_enclave_result_t ret;
+	char *path = transferFromString(PATH);
+	
+	ret = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &eid);
+	if (ret != CC_SUCCESS) {
+		printf("ERR: %#x ,failed to create enclave.\n", ret);
+		return -1;
+	}
+	char buffer[MAX_LEN];
+	uint32_t uints[2] = {};
+	if (argc > 1) {
+		if(strcmp(argv[1],"initServer")==0){
+			uints[0] = transferToU32(argv[4]);
+			initKeys(eid, uints);
+			setN(eid, argv[3], strlen(argv[3]) + 1);
+			setD(eid, argv[2], strlen(argv[2]) + 1);
+			getCD(eid, buffer, MAX_LEN); 
+			printf("%s\n", buffer); 
+			getKeys(eid, uints); 
+			printf("%u\n%u\n", uints[0], uints[1]); 
+		}
+		else if(strcmp(argv[1], "passwordEncryption") == 0){
+			setN(eid, argv[4], strlen(argv[4]) + 1);
+			setCD(eid, argv[3], strlen(argv[3]) + 1);
+			setRSAsource(eid, argv[2], strlen(argv[2]) + 1);
+			uints[0] = transferToU32(argv[5]);
+			setKeys(eid, uints);
+			getRSAresult(eid, buffer, MAX_LEN);
+			printf("%s\n", buffer);
+		}
+		else if(strcmp(argv[1], "embedding") == 0){
+			setN(eid, argv[5], strlen(argv[5]) + 1);
+			setCD(eid, argv[4], strlen(argv[4]) + 1);
+			setNPW(eid, argv[3], strlen(argv[3]) + 1);
+			setRSAsource(eid, argv[2], strlen(argv[2]) + 1);
+			uints[0] = transferToU32(argv[8]);
+			registerSeed(eid, uints);
+			uints[0] = transferToU32(argv[6]);
+			uints[1] = transferToU32(argv[7]);
+			setKeys(eid, uints);
+			calcEmbeddingResult(eid);
+			getX(eid, buffer, MAX_LEN);
+			printf("%s\n", buffer);
+			getMu(eid, buffer, MAX_LEN);
+			printf("%s\n", buffer);
+			getK(eid, buffer, MAX_LEN);
+			printf("%s\n", buffer);
+			getNWID(eid, buffer, MAX_LEN);
+			printf("%s\n", buffer);
+		}
+	}
+
+	if (CC_SUCCESS != cc_enclave_destroy(eid)) {
+		return -1;
+	}
+	return 0;
+}
-- 
Gitee


From e053421dcb14719a92838c189f272933f1cf2a42 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:40:32 +0000
Subject: [PATCH 43/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/verify/enclave/host/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/enclave/host/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/verify/enclave/host/.keep

diff --git a/docker4secgear/verify/enclave/host/.keep b/docker4secgear/verify/enclave/host/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee


From 8b5cbe57a308f3cf61db973f29350cfbde53b592 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=91=A8=E8=AF=8F=E7=9B=9F?= <zhaomeng@isrc.iscas.ac.cn>
Date: Sun, 13 Nov 2022 12:40:45 +0000
Subject: [PATCH 44/44] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=96=87=E4=BB=B6=20do?=
 =?UTF-8?q?cker4secgear/verify/.keep?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docker4secgear/verify/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 docker4secgear/verify/.keep

diff --git a/docker4secgear/verify/.keep b/docker4secgear/verify/.keep
deleted file mode 100644
index e69de29b..00000000
-- 
Gitee