diff --git a/tools/toolchains/dcap_lib/inc/occlum_dcap.h b/tools/toolchains/dcap_lib/inc/occlum_dcap.h index 00dfd999..562b976a 100644 --- a/tools/toolchains/dcap_lib/inc/occlum_dcap.h +++ b/tools/toolchains/dcap_lib/inc/occlum_dcap.h @@ -8,32 +8,32 @@ #include "sgx_qve_header.h" #ifdef __cplusplus -extern "C" { +extern "C" +{ #endif -void *dcap_quote_open(void); + void *dcap_quote_open(void); -uint32_t dcap_get_quote_size(void *handle); + uint32_t dcap_get_quote_size(void *handle); -int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data); + int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data); -uint32_t dcap_get_supplemental_data_size(void *handle); + uint32_t dcap_get_supplemental_data_size(void *handle); -int32_t dcap_verify_quote(void *handle, - const uint8_t *quote_buf, - uint32_t quote_size, - uint32_t *collateral_expiration_status, - sgx_ql_qv_result_t *quote_verification_result, - uint32_t supplemental_data_size, - uint8_t *supplemental_data); + int32_t dcap_verify_quote(void *handle, + const uint8_t *quote_buf, + uint32_t quote_size, + uint32_t *collateral_expiration_status, + sgx_ql_qv_result_t *quote_verification_result, + uint32_t supplemental_data_size, + uint8_t *supplemental_data); -int32_t dcap_generate_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request); + // int32_t dcap_generate_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request); -void dcap_quote_close(void *handle); + void dcap_quote_close(void *handle); #ifdef __cplusplus } #endif #endif - diff --git a/tools/toolchains/dcap_lib/src/lib.rs b/tools/toolchains/dcap_lib/src/lib.rs index 3eef58a0..f3f8a182 100644 --- a/tools/toolchains/dcap_lib/src/lib.rs +++ b/tools/toolchains/dcap_lib/src/lib.rs 
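Review bot: The `dcap_generate_key` prototype stays in the public header as a commented-out line instead of being removed, and the same pattern repeats in lib.rs (`/* … */` around the exported `dcap_generate_key`), in occlum_dcap.rs (`IoctlGetKeyArg`, `generate_key`, `SGXIOC_CMD_NUM_KEY`/`IOCTL_CMD_NUM_KEY`) and in prelude.rs (`// sgx_key_request_t, sgx_key_128bit_t,`). Commented-out declarations in a public header drift from the live declaration that now lives in occlum_utils.h; delete the line and leave a one-line pointer instead, e.g. `/* Key derivation moved to utils_lib: see occlum_utils.h, utils_gen_key(). */`. Because this drops a function from the C API, a note in the commit message that consumers must switch to `utils_gen_key` would help.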
@@ -78,6 +78,7 @@ pub extern "C" fn dcap_verify_quote( dcap.verify_quote(&mut verify_arg).unwrap_or(-1) } +/* #[no_mangle] pub extern "C" fn dcap_generate_key( handle: *mut c_void, @@ -97,6 +98,7 @@ pub extern "C" fn dcap_generate_key( dcap.generate_key(&mut key_arg).unwrap_or(-1) } + */ #[no_mangle] pub extern "C" fn dcap_quote_close(handle: *mut c_void) { diff --git a/tools/toolchains/dcap_lib/src/occlum_dcap.rs b/tools/toolchains/dcap_lib/src/occlum_dcap.rs index 63d60d97..8f9f67ae 100644 --- a/tools/toolchains/dcap_lib/src/occlum_dcap.rs +++ b/tools/toolchains/dcap_lib/src/occlum_dcap.rs @@ -5,7 +5,7 @@ const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307; const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308; const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309; const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a; -const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b; +// const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b; cfg_if::cfg_if! { if #[cfg(target_env = "musl")] { @@ -13,13 +13,13 @@ cfg_if::cfg_if! { const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32; const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32; const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32; - const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32; + // const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32; } else { const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE; const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE; const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE; const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE; - const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY; + // const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY; } } @@ -44,6 +44,7 @@ pub struct IoctlVerDCAPQuoteArg { pub supplemental_data: *mut u8, // Output (optional) } +/* // Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs //#[allow(dead_code)] #[repr(C)] 
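Review bot: Block-commenting the `#[no_mangle] pub extern "C" fn dcap_generate_key` export (opened here, closed by the `*/` in the `@@ -97` hunk) removes that symbol from libocclum_dcap, so any binary already linking it will fail to resolve the symbol at load or first call rather than get a clean error code. If compatibility matters, keep a thin exported stub that returns `-1` (the error convention the surrounding `unwrap_or(-1)` calls already use) with a comment pointing to `utils_gen_key`; if not, delete the code instead of leaving it commented out. The function's parameter list and body continue between the two hunks, outside the visible lines.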
@@ -51,6 +52,7 @@ pub struct IoctlGetKeyArg { pub key_request: *const sgx_key_request_t, // Input pub key: *mut sgx_key_128bit_t, // Output } + */ pub struct DcapQuote { fd: c_int, @@ -133,6 +135,7 @@ impl DcapQuote { } } + /* pub fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result { let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) }; if ret < 0 { @@ -143,6 +146,7 @@ impl DcapQuote { Ok(0) } } + */ pub fn close(&mut self) { unsafe { libc::close(self.fd) }; diff --git a/tools/toolchains/dcap_lib/src/prelude.rs b/tools/toolchains/dcap_lib/src/prelude.rs index 75747df2..c223f1fd 100644 --- a/tools/toolchains/dcap_lib/src/prelude.rs +++ b/tools/toolchains/dcap_lib/src/prelude.rs @@ -4,5 +4,9 @@ pub use std::io::Error; // Defined in "occlum/deps/rust-sgx-sdk/sgx_types" pub use sgx_types::{ - sgx_ql_qv_result_t, sgx_quote3_t, sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t, sgx_key_request_t, sgx_key_128bit_t, + sgx_ql_qv_result_t, + sgx_quote3_t, + sgx_quote_header_t, + sgx_report_body_t, + sgx_report_data_t, // sgx_key_request_t, sgx_key_128bit_t, }; diff --git a/tools/toolchains/utils_lib/Cargo.toml b/tools/toolchains/utils_lib/Cargo.toml new file mode 100644 index 00000000..64e57478 --- /dev/null +++ b/tools/toolchains/utils_lib/Cargo.toml @@ -0,0 +1,22 @@ +[package] +name = "occlum_utils" +version = "0.1.0" +authors = ["Zheng, Qi "] +edition = "2021" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +sgx_types = { path = "../../../deps/rust-sgx-sdk/sgx_types" } +libc = "0.2" +cfg-if = "1.0.0" + +[lib] +crate-type = ["cdylib", "rlib", "staticlib"] + + +[[example]] +name = "generate_key" + +[dev-dependencies] +occlum_dcap = { path = "../dcap_lib" } diff --git a/tools/toolchains/utils_lib/build.sh b/tools/toolchains/utils_lib/build.sh new file mode 100755 index 00000000..0422475e --- /dev/null +++ b/tools/toolchains/utils_lib/build.sh 
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+INSTALL_DIR=/opt/occlum/toolchains/utils_lib
+SONAME=libocclum_utils.so.0.1.0
+
+function build_lib() {
+ if [[ $1 == "musl" ]]; then
+ echo "*** Build and install musl-libc utils ***"
+ CARGO=occlum-cargo
+ TARGET_PATH=target/x86_64-unknown-linux-musl/release
+ LIB_PATH=${INSTALL_DIR}/musl/
+ else
+ echo "*** Build and install glibc utils ***"
+ CARGO=cargo
+ TARGET_PATH=target/release
+ LIB_PATH=${INSTALL_DIR}/glibc/
+ fi
+
+ # cargo build libs and rust example
+ $CARGO clean
+ $CARGO rustc --release -- -Clink-arg=-Wl,-soname,$SONAME
+ $CARGO build --release --examples
+
+ # Copy files
+ mkdir -p ${LIB_PATH}
+ cp ${TARGET_PATH}/libocclum_utils.a ${LIB_PATH}
+ # cp ${TARGET_PATH}/examples/generate_key ${LIB_PATH} # Not used as library
+
+ # Create SO links
+ pushd ${TARGET_PATH}
+ strip libocclum_utils.so
+ mv libocclum_utils.so $SONAME
+ ln -s $SONAME libocclum_utils.so
+ popd
+ cp -Pf ${TARGET_PATH}/libocclum_utils.so* ${LIB_PATH}
+}
+
+build_lib musl
+build_lib glibc
+
+cp -r inc ${INSTALL_DIR}/
diff --git a/tools/toolchains/utils_lib/examples/generate_key.rs b/tools/toolchains/utils_lib/examples/generate_key.rs
new file mode 100644
index 00000000..39492bca
--- /dev/null
+++ b/tools/toolchains/utils_lib/examples/generate_key.rs
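Review bot: Every path used by `build_lib` (`target/...`, the `cp` of `libocclum_utils.a`) and the final `cp -r inc ${INSTALL_DIR}/` are relative to the caller's working directory, so running the script from anywhere but the crate root fails, or copies an unrelated `inc` directory if one happens to exist there; add `cd "$(dirname "${BASH_SOURCE[0]}")"` right after `set -e`. `set -e` alone does not stop on unset variables, so a typo in `${LIB_PATH}` would expand to an empty string and `cp` into the current directory; `set -euo pipefail` is the usual form. The unquoted `${TARGET_PATH}`/`${LIB_PATH}` expansions work because the values contain no spaces, but quoting them (`cp "${TARGET_PATH}/libocclum_utils.a" "${LIB_PATH}"`) keeps that from becoming a surprise later.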
@@ -0,0 +1,64 @@
+use occlum_utils::*;
+use sgx_types::{
+ sgx_attributes_t, sgx_key_id_t, sgx_misc_select_t, SGX_KEYPOLICY_MRSIGNER, SGX_KEYSELECT_SEAL,
+ SGX_KEY_REQUEST_RESERVED2_BYTES, TSEAL_DEFAULT_FLAGSMASK, TSEAL_DEFAULT_MISCMASK,
+};
+
+use occlum_dcap::{sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t, DcapQuote};
+
+fn main() {
+ let handle = utils_ioctl_open();
+
+ let dcap_handle = unsafe { &mut *(handle as *mut DcapQuote) };
+
+ let quote_size = dcap_handle.get_quote_size().unwrap_or_default();
+
+ let mut quote_buf: Vec = vec![0; quote_size as usize];
+ let report_str = "utils demo sample";
+
+ let mut report_data = sgx_report_data_t::default();
+ report_data.d[..report_str.len()].copy_from_slice(report_str.as_bytes());
+
+ let report_data = report_data as sgx_report_data_t;
+
+ let _ = dcap_handle
+ .generate_quote(quote_buf.as_mut_ptr(), &report_data)
+ .unwrap();
+
+ println!("===============================");
+
+ dbg!("e_buf);
+
+ let report_body_offset = std::mem::size_of::();
+ let report_body: *const sgx_report_body_t = (quote_buf[report_body_offset..]).as_ptr() as _;
+ let report_body: sgx_report_body_t = unsafe { *report_body };
+
+ let key_policy = SGX_KEYPOLICY_MRSIGNER;
+
+ let attribute_mask = sgx_attributes_t {
+ flags: TSEAL_DEFAULT_FLAGSMASK,
+ xfrm: 0,
+ };
+
+ let misc_mask: sgx_misc_select_t = TSEAL_DEFAULT_MISCMASK;
+
+ let key_id = sgx_key_id_t::default();
+
+ let mut key = sgx_key_128bit_t::default();
+ let key_request = sgx_key_request_t {
+ key_name: SGX_KEYSELECT_SEAL,
+ key_policy,
+ isv_svn: report_body.isv_svn,
+ reserved1: 0_u16,
+ cpu_svn: report_body.cpu_svn,
+ attribute_mask,
+ key_id,
+ misc_mask,
+ config_svn: report_body.config_svn,
+ reserved2: [0_u8; SGX_KEY_REQUEST_RESERVED2_BYTES],
+ };
+
+ utils_gen_key(handle, &mut key, &key_request);
+
+ dbg!(&key);
+}
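Review bot: `utils_ioctl_open()` hands back a boxed `UtilsIoctl`, yet the example reinterprets it as `*mut DcapQuote` (`&mut *(handle as *mut DcapQuote)`) and calls `get_quote_size`/`generate_quote` through it; neither struct is visibly `#[repr(C)]`, so this relies on unspecified Rust field layout and is unsound even with the `_quote_size`/`_supplemental_size` padding fields that `UtilsIoctl` carries "for backward compatibility with DcapQuote". Open the quote handle through the dcap API instead (e.g. `occlum_dcap::dcap_quote_open()`) and use `handle` only for `utils_gen_key`. The example also never checks `handle` for null (`utils_ioctl_open` returns null on failure) and never calls `utils_ioctl_close(handle)`, so the `/dev/sgx` descriptor is left open. `dbg!(&key)` writes the derived seal key to stderr; for a sample that is acceptable, but a comment such as `// demo only: real code must never log the seal key` keeps the line from being copied verbatim.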
diff --git a/tools/toolchains/utils_lib/inc/occlum_utils.h b/tools/toolchains/utils_lib/inc/occlum_utils.h
new file mode 100644
index 00000000..b9142da7
--- /dev/null
+++ b/tools/toolchains/utils_lib/inc/occlum_utils.h
@@ -0,0 +1,25 @@
+#ifndef _OCCLUM_UTILS_H
+#define _OCCLUM_UTILS_H
+
+#include
+#include
+
+#include "sgx_report.h"
+#include "sgx_qve_header.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ void *utils_ioctl_open(void);
+
+ int32_t utils_gen_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
+
+ void utils_ioctl_close(void *handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
diff --git a/tools/toolchains/utils_lib/rust-toolchain b/tools/toolchains/utils_lib/rust-toolchain
new file mode 100644
index 00000000..cd5e8eb2
--- /dev/null
+++ b/tools/toolchains/utils_lib/rust-toolchain
@@ -0,0 +1 @@
+nightly-2022-10-22
diff --git a/tools/toolchains/utils_lib/src/lib.rs b/tools/toolchains/utils_lib/src/lib.rs
new file mode 100644
index 00000000..98fd6a9f
--- /dev/null
+++ b/tools/toolchains/utils_lib/src/lib.rs
@@ -0,0 +1,42 @@
+mod occlum_utils;
+mod prelude;
+
+pub use crate::occlum_utils::*;
+pub use crate::prelude::*;
+
+#[no_mangle]
+pub extern "C" fn utils_ioctl_open() -> *mut c_void {
+ if let Ok(fd) = UtilsIoctl::new() {
+ Box::into_raw(Box::new(fd)) as *mut c_void
+ } else {
+ std::ptr::null_mut::() as *mut c_void
+ }
+}
+
+#[no_mangle]
+pub extern "C" fn utils_gen_key(
+ handle: *mut c_void,
+ key: *mut sgx_key_128bit_t,
+ key_request: *const sgx_key_request_t,
+) -> i32 {
+ if handle.is_null() {
+ return -1;
+ }
+
+ let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
+
+ let mut key_arg = IoctlGetKeyArg { key_request, key };
+
+ ioctl_dev.generate_key(&mut key_arg).unwrap_or(-1)
+}
+
+#[no_mangle]
+pub extern "C" fn utils_ioctl_close(handle: *mut c_void) {
+ if handle.is_null() {
+ return;
+ }
+
+ let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
+
+ ioctl_dev.close();
+}
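Review bot: The three prototypes carry no contract: a reader of the header cannot tell that `utils_ioctl_open` returns NULL on failure, that `utils_gen_key` returns 0 on success and -1 on a NULL handle or a failed ioctl, or that `handle` must come from `utils_ioctl_open` and be released with `utils_ioctl_close`, all of which the Rust side in lib.rs implements. Add a short comment above each, e.g. `/* Returns 0 on success, -1 if handle is NULL or the underlying ioctl fails. */` above `utils_gen_key` and `/* Returns NULL if /dev/sgx cannot be opened. */` above `utils_ioctl_open`. The two `#include` lines with no target appear to be extraction damage on this page rather than a defect in the commit.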
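Review bot: `utils_ioctl_close` closes the descriptor but never frees the `UtilsIoctl` that `utils_ioctl_open` released with `Box::into_raw`, so every open/close pair leaks the allocation; reclaim it with `let mut ioctl_dev = unsafe { Box::from_raw(handle as *mut UtilsIoctl) };` followed by `ioctl_dev.close();` and document that the handle is invalid afterwards. `utils_gen_key` checks `handle` for null but passes `key` and `key_request` straight through to the ioctl; extending the guard to `if handle.is_null() || key.is_null() || key_request.is_null() { return -1; }` keeps an invalid pointer from reaching the kernel while preserving the -1 convention. Each `extern "C"` function also deserves a doc comment stating that `handle` must be a pointer obtained from `utils_ioctl_open`, since that is the precondition the `unsafe` dereferences rely on.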
diff --git a/tools/toolchains/utils_lib/src/occlum_utils.rs b/tools/toolchains/utils_lib/src/occlum_utils.rs
new file mode 100644
index 00000000..bf30b3ee
--- /dev/null
+++ b/tools/toolchains/utils_lib/src/occlum_utils.rs
@@ -0,0 +1,59 @@
+use crate::prelude::*;
+use std::ffi::CString;
+
+const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
+
+cfg_if::cfg_if! {
+ if #[cfg(target_env = "musl")] {
+ const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
+ } else {
+ const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
+ }
+}
+
+// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
+#[repr(C)]
+pub struct IoctlGetKeyArg {
+ pub key_request: *const sgx_key_request_t, // Input
+ pub key: *mut sgx_key_128bit_t, // Output
+}
+
+pub struct UtilsIoctl {
+ fd: c_int,
+ // for backward compatibility with DcapQuote
+ _quote_size: u32,
+ _supplemental_size: u32,
+}
+
+impl UtilsIoctl {
+ pub fn new() -> Result {
+ let path = CString::new("/dev/sgx").unwrap();
+ let fd = unsafe { libc::open(path.as_ptr(), O_RDONLY) };
+ if fd > 0 {
+ Ok(Self {
+ fd,
+ _quote_size: 0,
+ _supplemental_size: 0,
+ })
+ } else {
+ let os_err = Error::last_os_error();
+ println!("OS error: {os_err:?}");
+ Err(os_err)
+ }
+ }
+
+ pub(crate) fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result {
+ let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
+ if ret < 0 {
+ let os_err = Error::last_os_error();
+ println!("OS error: {os_err:?}");
+ Err(os_err)
+ } else {
+ Ok(0)
+ }
+ }
+
+ pub fn close(&mut self) {
+ unsafe { libc::close(self.fd) };
+ }
+}
diff --git a/tools/toolchains/utils_lib/src/prelude.rs b/tools/toolchains/utils_lib/src/prelude.rs
new file mode 100644
index 00000000..27f2eaa5
--- /dev/null
+++ b/tools/toolchains/utils_lib/src/prelude.rs
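Review bot: `if fd > 0` in `UtilsIoctl::new` treats descriptor 0 as a failure, although `open` legitimately returns 0 when the process has closed stdin; the check should be `if fd >= 0 {`. Both error paths report through `println!("OS error: {os_err:?}")`, which sends diagnostics to stdout from a library built as a cdylib and can interleave with the host program's own output; `eprintln!`, or simply returning the `Error` and letting the caller decide, is the better fit. The `_quote_size`/`_supplemental_size` fields are described as "for backward compatibility with DcapQuote", but without `#[repr(C)]` on both structs Rust does not guarantee matching layouts, so any caller that casts one handle to the other is relying on unspecified behaviour; either add `#[repr(C)]` to both types or drop the fields and the implied compatibility. `close` leaves `self.fd` unchanged, so a second call would close whatever descriptor number has been reused since; assigning `self.fd = -1;` after `libc::close` guards that.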
@@ -0,0 +1,6 @@
+pub use libc::{c_int, c_void, close, ioctl, open, O_RDONLY};
+pub use std::boxed::Box;
+pub use std::io::Error;
+
+// Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
+pub use sgx_types::{sgx_key_128bit_t, sgx_key_request_t};
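Review bot: `pub use libc::{c_int, c_void, close, ioctl, open, O_RDONLY};` re-exports `close`, `ioctl` and `open` even though occlum_utils.rs calls them through `libc::` paths, and because lib.rs does `pub use crate::prelude::*` those raw libc functions become part of the crate's public API; trim the list to the names used unqualified, `pub use libc::{c_int, c_void, O_RDONLY};`. `pub use std::boxed::Box;` is redundant since `Box` is already in the standard prelude. The `sgx_types` re-exports should stay, as the example reaches `sgx_key_128bit_t` and `sgx_key_request_t` through `use occlum_utils::*`.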