sealing example

build.rs

@@ -19,7 +19,8 @@ fn main() {
 
         // Cargo will look for `libocclum_dcap.a`
         println!("cargo:rustc-link-search={}", dcap_lib_path);
-        println!("cargo:rustc-link-lib=static:+whole-archive=occlum_dcap");
+        println!("cargo:rustc-link-lib=occlum_dcap");
+        // println!("cargo:rustc-link-lib=static:+whole-archive=occlum_dcap");
     }
 
     #[cfg(feature = "tonic")]

examples/sealing.rs

@@ -1,12 +1,7 @@
-//use sgx_tseal::SgxSealedData;
+use occlum_ratls::prelude::*;
 
 fn main() {
     println!("Example of sealing");
-    //let text = "sealed text";
+    let config = SealingConfig::new().unwrap();
-    //let additional_text = "additional";
+    config.print_sealing_key();
-    //let sealed_data =
-    //    SgxSealedData::<[u8]>::seal_data(additional_text.as_bytes(), text.as_bytes()).unwrap();
-    //let unsealed_data = SgxSealedData::<[u8]>::unseal_data(&sealed_data).unwrap();
-    //let text: &str = &String::from_utf8_lossy(unsealed_data.get_decrypt_txt());
-    //println!("Unsealed text: {}", text);
 }

src/bindings.rs

@@ -1373,7 +1373,7 @@ const _: () = {
 };
 pub type sgx_cpu_svn_t = _sgx_cpu_svn_t;
 #[repr(C)]
-#[derive(Debug, Copy, Clone)]
+#[derive(Default, Debug, Copy, Clone)]
 pub struct _sgx_key_id_t {
     pub id: [u8; 32usize],
 }

src/config.rs

@@ -3,6 +3,7 @@ use crate::{RaTlsConfigBuilder, RaTlsError};
 #[cfg(feature = "occlum")]
 use crate::quote::{Quote, STATIC_QUOTE};
 
+use crate::quote::{SealingKeyPolicy, Sgx128BitKey, IOCTL_CLIENT};
 use rustls::{ClientConfig, ServerConfig};
 
 pub type Measurement = [u8; 32];
@@ -184,3 +185,38 @@ impl RaTlsConfig {
         ClientConfig::from_ratls_config(self)
     }
 }
+
+pub struct SealingConfig {
+    #[cfg(feature = "occlum")]
+    pub sealing_key: Sgx128BitKey,
+}
+
+impl SealingConfig {
+    #[cfg(feature = "occlum")]
+    fn generate_static_empty_quote() -> Result<&'static Quote, RaTlsError> {
+        Ok(STATIC_QUOTE.as_ref().map_err(|e| e.clone())?)
+    }
+
+    #[cfg(feature = "occlum")]
+    pub fn new() -> Result<Self, RaTlsError> {
+        let quote = Self::generate_static_empty_quote()?;
+        let policy = SealingKeyPolicy::MrEnclave;
+        let sealing_key = IOCTL_CLIENT
+            .lock()
+            .unwrap()
+            .generate_sealing_key(quote, policy)?;
+        Ok(Self { sealing_key })
+    }
+
+    pub fn print_sealing_key(&self) {
+        #[cfg(feature = "occlum")]
+        println!("Sealing key: {:?}", self.sealing_key);
+        #[cfg(not(feature = "occlum"))]
+        println!("Enable occlum feature");
+    }
+
+    #[cfg(not(feature = "occlum"))]
+    pub fn new() -> Result<Self, RaTlsError> {
+        Ok(Self {})
+    }
+}

src/lib.rs

@@ -15,6 +15,7 @@ mod quote;
 //mod sscert;
 
 pub use crate::config::RaTlsConfig;
+pub use crate::config::SealingConfig;
 
 #[cfg(feature = "occlum")]
 pub use crate::config::InstanceMeasurement;

src/prelude.rs

@@ -1,4 +1,5 @@
 pub use crate::RaTlsConfig;
+pub use crate::SealingConfig;
 
 #[cfg(feature = "occlum")]
 pub use crate::config::InstanceMeasurement;

src/quote.rs

@@ -325,7 +325,7 @@ impl IoctlClient {
     /// Generate a sealing key for the given policy and SGX report
     /// The sealing key is used to encrypt/decrypt data in the enclave
     /// The quote must be previously generated using the `generate_quote`
-    fn generate_sealing_key(
+    pub fn generate_sealing_key(
         &mut self,
         quote: &Quote,
         policy: SealingKeyPolicy,
@@ -348,6 +348,8 @@ impl IoctlClient {
             xfrm: 0,
         };
 
+        let mut key_id = sgx_key_id_t::default();
+
         let misc_mask: sgx_misc_select_t = TSEAL_DEFAULT_MISCMASK;
 
         let mut key = sgx_key_128bit_t::default();