diff --git a/build.rs b/build.rs
index 5cba388..78703f9 100644
--- a/build.rs
+++ b/build.rs
@@ -19,7 +19,8 @@ fn main() {
 // Cargo will look for `libocclum_dcap.a`
 println!("cargo:rustc-link-search={}", dcap_lib_path);
- println!("cargo:rustc-link-lib=static:+whole-archive=occlum_dcap");
+ println!("cargo:rustc-link-lib=occlum_dcap");
+ // println!("cargo:rustc-link-lib=static:+whole-archive=occlum_dcap");
 }
 #[cfg(feature = "tonic")]
diff --git a/examples/sealing.rs b/examples/sealing.rs
index d140375..db9154a 100644
--- a/examples/sealing.rs
+++ b/examples/sealing.rs
@@ -1,12 +1,7 @@
-//use sgx_tseal::SgxSealedData;
+use occlum_ratls::prelude::*;
 fn main() {
 println!("Example of sealing");
- //let text = "sealed text";
- //let additional_text = "additional";
- //let sealed_data =
- // SgxSealedData::<[u8]>::seal_data(additional_text.as_bytes(), text.as_bytes()).unwrap();
- //let unsealed_data = SgxSealedData::<[u8]>::unseal_data(&sealed_data).unwrap();
- //let text: &str = &String::from_utf8_lossy(unsealed_data.get_decrypt_txt());
- //println!("Unsealed text: {}", text);
+ let config = SealingConfig::new().unwrap();
+ config.print_sealing_key();
 }
diff --git a/src/bindings.rs b/src/bindings.rs
index 51bc275..9b17d78 100644
--- a/src/bindings.rs
+++ b/src/bindings.rs
@@ -1373,7 +1373,7 @@ const _: () = {
 };
 pub type sgx_cpu_svn_t = _sgx_cpu_svn_t;
 #[repr(C)]
-#[derive(Debug, Copy, Clone)]
+#[derive(Default, Debug, Copy, Clone)]
 pub struct _sgx_key_id_t {
 pub id: [u8; 32usize],
 }
diff --git a/src/config.rs b/src/config.rs
index e1cc8dc..b7a7d7a 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -3,6 +3,7 @@ use crate::{RaTlsConfigBuilder, RaTlsError};
 #[cfg(feature = "occlum")]
 use crate::quote::{Quote, STATIC_QUOTE};
+use crate::quote::{SealingKeyPolicy, Sgx128BitKey, IOCTL_CLIENT};
 use rustls::{ClientConfig, ServerConfig};
 pub type Measurement = [u8; 32];
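Review bot: Dropping the `static` kind from the link directive leaves the library kind unspecified, so rustc treats `occlum_dcap` as a dylib request and the system linker may prefer a shared `libocclum_dcap.so` over the `libocclum_dcap.a` that the comment two lines above says Cargo will look for. If static linking is still the intent, `println!("cargo:rustc-link-lib=static=occlum_dcap");` keeps that explicit while dropping only the `+whole-archive` modifier; if dynamic linking is now intended, the comment should be updated to say so. The commented-out old directive should be deleted rather than kept, since it already lives in history. The enclosing `fn main` continues outside the hunk.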
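Review bot: The new `use crate::quote::{SealingKeyPolicy, Sgx128BitKey, IOCTL_CLIENT};` is unconditional, while the import of `Quote` and `STATIC_QUOTE` directly above it is gated on `#[cfg(feature = "occlum")]`, and every use of these three names in `SealingConfig` is also under that feature. If the `quote` items are themselves feature-gated, this import fails to resolve in a non-occlum build; if they are not, it is an unused-import warning there. Adding `#[cfg(feature = "occlum")]` above the new `use` line matches the surrounding style and avoids both.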
@@ -184,3 +185,38 @@ impl RaTlsConfig {
 ClientConfig::from_ratls_config(self)
 }
 }
+
+pub struct SealingConfig {
+ #[cfg(feature = "occlum")]
+ pub sealing_key: Sgx128BitKey,
+}
+
+impl SealingConfig {
+ #[cfg(feature = "occlum")]
+ fn generate_static_empty_quote() -> Result<&'static Quote, RaTlsError> {
+ Ok(STATIC_QUOTE.as_ref().map_err(|e| e.clone())?)
+ }
+
+ #[cfg(feature = "occlum")]
+ pub fn new() -> Result {
+ let quote = Self::generate_static_empty_quote()?;
+ let policy = SealingKeyPolicy::MrEnclave;
+ let sealing_key = IOCTL_CLIENT
+ .lock()
+ .unwrap()
+ .generate_sealing_key(quote, policy)?;
+ Ok(Self { sealing_key })
+ }
+
+ pub fn print_sealing_key(&self) {
+ #[cfg(feature = "occlum")]
+ println!("Sealing key: {:?}", self.sealing_key);
+ #[cfg(not(feature = "occlum"))]
+ println!("Enable occlum feature");
+ }
+
+ #[cfg(not(feature = "occlum"))]
+ pub fn new() -> Result {
+ Ok(Self {})
+ }
+}
diff --git a/src/lib.rs b/src/lib.rs
index 761c78c..6ebbf2f 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -15,6 +15,7 @@ mod quote;
 //mod sscert;
 pub use crate::config::RaTlsConfig;
+pub use crate::config::SealingConfig;
 #[cfg(feature = "occlum")]
 pub use crate::config::InstanceMeasurement;
diff --git a/src/prelude.rs b/src/prelude.rs
index c09960d..46b8635 100644
--- a/src/prelude.rs
+++ b/src/prelude.rs
@@ -1,4 +1,5 @@
 pub use crate::RaTlsConfig;
+pub use crate::SealingConfig;
 #[cfg(feature = "occlum")]
 pub use crate::config::InstanceMeasurement;
diff --git a/src/quote.rs b/src/quote.rs
index a00b924..f696516 100644
--- a/src/quote.rs
+++ b/src/quote.rs
@@ -325,7 +325,7 @@ impl IoctlClient {
 /// Generate a sealing key for the given policy and SGX report
 /// The sealing key is used to encrypt/decrypt data in the enclave
 /// The quote must be previously generated using the `generate_quote`
- fn generate_sealing_key(
+ pub fn generate_sealing_key(
 &mut self,
 quote: &Quote,
 policy: SealingKeyPolicy,
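Review bot: `print_sealing_key` writes the raw 128-bit sealing key to stdout (`println!("Sealing key: {:?}", self.sealing_key)`) and the struct also exposes it as a `pub` field; a sealing key is meant to stay inside the enclave, so a public library method that prints it makes it easy to leak into host-side logs, and the new example calls exactly that. Consider dropping the printing method from the public API (or keeping it behind a debug/test cfg) and printing only a non-reversible fingerprint, with a doc comment on `sealing_key` stating that the value is secret. Separately, `new` fixes the policy to `SealingKeyPolicy::MrEnclave` with no way for callers to pick another policy, and `IOCTL_CLIENT.lock().unwrap()` turns a poisoned mutex into a panic inside library code where the rest of the function already returns `RaTlsError`. The `Ok(... ?)` in `generate_static_empty_quote` can be the bare expression `STATIC_QUOTE.as_ref().map_err(|e| e.clone())`, and the return type of both `new` variants shows as bare `Result` here, which may be a rendering artefact of the generic arguments.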
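Review bot: Widening `generate_sealing_key` from private to `pub` exports a key-derivation entry point from `IoctlClient`, while the only caller this commit adds is `SealingConfig::new` in the same crate; `pub(crate) fn generate_sealing_key(` would give that access without committing to it in the public API. If `IoctlClient` is not itself re-exported the difference is cosmetic today, but `pub(crate)` documents the intent either way. The doc comment could also state that the returned key is secret material that callers must not log or serialize. The function's parameter list and body continue outside the hunk.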
@@ -348,6 +348,8 @@ impl IoctlClient { xfrm: 0, }; + let mut key_id = sgx_key_id_t::default(); + let misc_mask: sgx_misc_select_t = TSEAL_DEFAULT_MISCMASK; let mut key = sgx_key_128bit_t::default();